Fiye da shekaru biyu sun shuɗe tun lokacin binciken lambar ƙarshe na aikin LLVM ta amfani da mai nazarin PVS-Studio. Bari mu tabbatar cewa PVS-Studio analyzer har yanzu babban kayan aiki ne don gano kurakurai da yuwuwar lahani. Don yin wannan, za mu bincika mu nemo sabbin kurakurai a cikin sakin LLVM 8.0.0.
Labarin da za a rubuta
A gaskiya, ba na son rubuta wannan labarin. Ba abin sha'awa ba ne a rubuta game da aikin da muka riga muka bincika sau da yawa (, , ). Zai fi kyau in rubuta game da sabon abu, amma ba ni da zabi.
Duk lokacin da aka saki ko sabunta sabon sigar LLVM , muna karɓar tambayoyi irin waɗannan a cikin wasiƙarmu:
Duba, sabon sigar Clang Static Analyzer ya koyi nemo sabbin kurakurai! Da alama a gare ni cewa dacewa da amfani da PVS-Studio yana raguwa. Clang ya sami ƙarin kurakurai fiye da baya kuma yana kama da damar PVS-Studio. Menene ra'ayinku akan wannan?
Don wannan koyaushe ina son amsa wani abu kamar:
Mu ma ba ma zaman banza! Mun inganta iyawar mai nazarin PVS-Studio sosai. Don haka kada ku damu, muna ci gaba da jagoranci kamar da.
Abin takaici, wannan mummunar amsa ce. Babu hujja a cikinsa. Kuma shi ya sa nake rubuta wannan labarin a yanzu. Don haka, an sake duba aikin LLVM kuma an sami kurakurai iri-iri a ciki. Yanzu zan nuna waɗanda suka yi kama da ban sha'awa a gare ni. Clang Static Analyzer ba zai iya samun waɗannan kurakurai ba (ko yana da matukar wahala a yi hakan tare da taimakonsa). Amma za mu iya. Bugu da ƙari, na sami kuma na rubuta duk waɗannan kurakurai a maraice ɗaya.
Amma rubuta labarin ya ɗauki makonni da yawa. Ba zan iya kawo kaina ba don sanya duk wannan cikin rubutu :).
Af, idan kuna sha'awar abin da ake amfani da fasahar a cikin PVS-Studio analyzer don gano kurakurai da yuwuwar rauni, to ina ba da shawarar sanin wannan. .
Sabbi da tsofaffin bincike
Kamar yadda aka riga aka ambata, kimanin shekaru biyu da suka gabata an sake duba aikin LLVM, kuma an gyara kurakurai da aka samu. Yanzu wannan labarin zai gabatar da sabon tsari na kurakurai. Me yasa aka sami sababbin kwari? Akwai dalilai 3 akan haka:
- Aikin LLVM yana tasowa, yana canza tsohuwar lamba da ƙara sabon lamba. A zahiri, akwai sabbin kurakurai a cikin lambar da aka gyara da kuma rubuce-rubuce. Wannan yana nuna a fili cewa ya kamata a yi amfani da bincike akai-akai akai-akai, ba lokaci-lokaci ba. Labarinmu yana nuna da kyau iyawar PVS-Studio analyzer, amma wannan ba shi da alaƙa da haɓaka ingancin lambar da rage farashin gyara kurakurai. Yi amfani da na'urar tantance lambar tsaye akai-akai!
- Muna kammalawa kuma muna inganta binciken da ake ciki. Saboda haka, mai nazari na iya gano kurakuran da bai lura da su ba yayin binciken da ya gabata.
- Sabbin bincike sun bayyana a PVS-Studio wanda bai wanzu shekaru 2 da suka gabata. Na yanke shawarar haskaka su a cikin wani sashe daban don nuna a fili ci gaban PVS-Studio.
Abubuwan da aka gano ta hanyar bincike da suka wanzu shekaru 2 da suka gabata
Juzu'i N1: Kwafi-Manna
static bool ShouldUpgradeX86Intrinsic(Function *F, StringRef Name) {
if (Name == "addcarryx.u32" || // Added in 8.0
....
Name == "avx512.mask.cvtps2pd.128" || // Added in 7.0
Name == "avx512.mask.cvtps2pd.256" || // Added in 7.0
Name == "avx512.cvtusi2sd" || // Added in 7.0
Name.startswith("avx512.mask.permvar.") || // Added in 7.0 // <=
Name.startswith("avx512.mask.permvar.") || // Added in 7.0 // <=
Name == "sse2.pmulu.dq" || // Added in 7.0
Name == "sse41.pmuldq" || // Added in 7.0
Name == "avx2.pmulu.dq" || // Added in 7.0
....
}Gargadi na PVS-Studio: [CWE-570] Akwai nau'ikan ƙananan bayanan 'Name.startswith("avx512.mask.permvar.")' zuwa hagu da dama na'||' ma'aikaci. AutoUpgrade.cpp 73
An duba sau biyu cewa sunan yana farawa da maƙarƙashiya "avx512.mask.permvar.". A cak na biyu, tabbas sun so rubuta wani abu dabam, amma sun manta da gyara rubutun da aka kwafi.
Kashi na N2: Typo
enum CXNameRefFlags {
CXNameRange_WantQualifier = 0x1,
CXNameRange_WantTemplateArgs = 0x2,
CXNameRange_WantSinglePiece = 0x4
};
void AnnotateTokensWorker::HandlePostPonedChildCursor(
CXCursor Cursor, unsigned StartTokenIndex) {
const auto flags = CXNameRange_WantQualifier | CXNameRange_WantQualifier;
....
}Gargadi PVS-Studio: V501 Akwai ƙananan bayanai iri ɗaya 'CXNameRange_WantQualifier' zuwa hagu da dama na '|' ma'aikaci. Farashin 7245
Saboda typo, mai suna akai akai ana amfani dashi sau biyu CXNameRange_WantQualifier.
Juzu'i N3: Rudani tare da fifikon mai aiki
int PPCTTIImpl::getVectorInstrCost(unsigned Opcode, Type *Val, unsigned Index) {
....
if (ISD == ISD::EXTRACT_VECTOR_ELT && Index == ST->isLittleEndian() ? 1 : 0)
return 0;
....
}Gargadi na PVS-Studio: [CWE-783] Wataƙila ma'aikacin '?:' yana aiki ta wata hanya dabam fiye da yadda ake tsammani. Ma'aikacin '?:' yana da ƙaramin fifiko fiye da ma'aikacin'==. PPCTargetTransformInfo.cpp 404
A ganina, wannan kuskure ne mai kyau. Ee, na san ina da ra'ayoyi masu ban mamaki game da kyakkyawa :).
Yanzu, a cewar , ana kimanta magana kamar haka:
(ISD == ISD::EXTRACT_VECTOR_ELT && (Index == ST->isLittleEndian())) ? 1 : 0Daga ra'ayi mai amfani, irin wannan yanayin ba shi da ma'ana, tun da ana iya rage shi zuwa:
(ISD == ISD::EXTRACT_VECTOR_ELT && Index == ST->isLittleEndian())Wannan kuskure ne bayyananne. Mafi mahimmanci, sun so su kwatanta 0/1 tare da m index. Don gyara lambar kuna buƙatar ƙara ƙira a kusa da afareta na ternary:
if (ISD == ISD::EXTRACT_VECTOR_ELT && Index == (ST->isLittleEndian() ? 1 : 0))Af, ma'aikacin ternary yana da haɗari sosai kuma yana haifar da kurakurai masu ma'ana. Ku kiyaye sosai da shi kuma kada ku kasance masu kwadayi da baka. Na kalli wannan batu daki-daki , a cikin babin “Ku Yi Hattara da ?: Mai Gudanarwa kuma Ku Haɗe shi cikin Halayen Iyaye.”
Juzu'i N4, N5: Null pointer
Init *TGParser::ParseValue(Record *CurRec, RecTy *ItemType, IDParseMode Mode) {
....
TypedInit *LHS = dyn_cast<TypedInit>(Result);
....
LHS = dyn_cast<TypedInit>(
UnOpInit::get(UnOpInit::CAST, LHS, StringRecTy::get())
->Fold(CurRec));
if (!LHS) {
Error(PasteLoc, Twine("can't cast '") + LHS->getAsString() +
"' to string");
return nullptr;
}
....
}Gargadi na PVS-Studio: [CWE-476] Za a iya yin watsi da ma'anar null 'LHS'. TGParser.cpp 2152
Idan mai nuni LHS banza ne, ya kamata a ba da gargaɗi. Duk da haka, a maimakon haka, za a soke wannan ma'anar null: LHS->getAsString().
Wannan lamari ne na yau da kullun idan an ɓoye kuskure a cikin mai sarrafa kuskure, tunda babu wanda ya gwada su. Masu nazari a tsaye suna duba duk lambar da za a iya kaiwa, komai sau nawa ake amfani da ita. Wannan kyakkyawan misali ne na yadda bincike a tsaye ya cika wasu dabaru na kariyar gwaji da kuskure.
Kuskuren sarrafa ma'ana iri ɗaya RHS An ba da izini a cikin lambar da ke ƙasa: V522 [CWE-476] Ƙirar ma'anar 'RHS' na iya faruwa. TGParser.cpp 2186
Juzu'i N6: Yin amfani da mai nuni bayan motsi
static Expected<bool>
ExtractBlocks(....)
{
....
std::unique_ptr<Module> ProgClone = CloneModule(BD.getProgram(), VMap);
....
BD.setNewProgram(std::move(ProgClone)); // <=
MiscompiledFunctions.clear();
for (unsigned i = 0, e = MisCompFunctions.size(); i != e; ++i) {
Function *NewF = ProgClone->getFunction(MisCompFunctions[i].first); // <=
assert(NewF && "Function not found??");
MiscompiledFunctions.push_back(NewF);
}
....
}Gargadi na PVS-Studio: V522 [CWE-476] Ƙirar ma'anar 'ProgClone' na iya faruwa. Kuskuren.cpp 601
A farkon mai nuna wayo ProgClone ya daina mallakar abin:
BD.setNewProgram(std::move(ProgClone));A gaskiya, yanzu ProgClone null pointer ne. Don haka, ya kamata a yi watsi da maƙasudin null a ƙasa:
Function *NewF = ProgClone->getFunction(MisCompFunctions[i].first);Amma, a gaskiya, wannan ba zai faru ba! Lura cewa ba a zahiri aiwatar da madauki ba.
A farkon akwati Ayyukan da ba daidai ba share:
MiscompiledFunctions.clear();Bayan haka, ana amfani da girman wannan akwati a cikin yanayin madauki:
for (unsigned i = 0, e = MisCompFunctions.size(); i != e; ++i) {Yana da sauƙin ganin cewa madauki ba ya farawa. Ina tsammanin wannan ma kwaro ne kuma yakamata a rubuta lambar daban.
Da alama mun ci karo da wannan sanannen daidaitattun kurakurai! Kuskure ɗaya yana rufe wani :).
Juzu'i N7: Yin amfani da mai nuni bayan motsi
static Expected<bool> TestOptimizer(BugDriver &BD, std::unique_ptr<Module> Test,
std::unique_ptr<Module> Safe) {
outs() << " Optimizing functions being tested: ";
std::unique_ptr<Module> Optimized =
BD.runPassesOn(Test.get(), BD.getPassesToRun());
if (!Optimized) {
errs() << " Error running this sequence of passes"
<< " on the input program!n";
BD.setNewProgram(std::move(Test)); // <=
BD.EmitProgressBitcode(*Test, "pass-error", false); // <=
if (Error E = BD.debugOptimizerCrash())
return std::move(E);
return false;
}
....
}Gargadi na PVS-Studio: V522 [CWE-476] Za a iya yin watsi da ma'anar 'Gwaji' mara amfani. Kuskuren.cpp 709
Haka lamarin kuma. Da farko, ana motsa abin da ke cikin abin, sannan a yi amfani da shi kamar babu abin da ya faru. Ina ganin wannan yanayin sau da yawa a cikin lambar shirin bayan bayanan motsi ya bayyana a C ++. Wannan shine dalilin da ya sa nake son yaren C++! Akwai ƙarin sabbin hanyoyin da za a harbe ƙafar ku. Mai nazarin PVS-Studio koyaushe yana da aiki :).
Juzu'i N8: Null pointer
void FunctionDumper::dump(const PDBSymbolTypeFunctionArg &Symbol) {
uint32_t TypeId = Symbol.getTypeId();
auto Type = Symbol.getSession().getSymbolById(TypeId);
if (Type)
Printer << "<unknown-type>";
else
Type->dump(*this);
}Gargadi na PVS-Studio: V522 [CWE-476] Ƙirar ma'anar 'Nau'i' na iya faruwa. PrettyFunctionDumper.cpp 233
Baya ga masu sarrafa kuskure, yawanci ba a gwada ayyukan buga bugu ba. Muna da irin wannan harka a gabanmu. Ayyukan yana jiran mai amfani, wanda, maimakon magance matsalolinsa, za a tilasta masa gyara shi.
Daidai:
if (Type)
Type->dump(*this);
else
Printer << "<unknown-type>";Juzu'i N9: Null pointer
void SearchableTableEmitter::collectTableEntries(
GenericTable &Table, const std::vector<Record *> &Items) {
....
RecTy *Ty = resolveTypes(Field.RecType, TI->getType());
if (!Ty) // <=
PrintFatalError(Twine("Field '") + Field.Name + "' of table '" +
Table.Name + "' has incompatible type: " +
Ty->getAsString() + " vs. " + // <=
TI->getType()->getAsString());
....
}Gargadi na PVS-Studio: V522 [CWE-476] Ƙirar ma'anar null 'Ty' na iya faruwa. NemanTableEmitter.cpp 614
Ina tsammanin komai a bayyane yake kuma baya buƙatar bayani.
Kashi na N10: Typo
bool FormatTokenLexer::tryMergeCSharpNullConditionals() {
....
auto &Identifier = *(Tokens.end() - 2);
auto &Question = *(Tokens.end() - 1);
....
Identifier->ColumnWidth += Question->ColumnWidth;
Identifier->Type = Identifier->Type; // <=
Tokens.erase(Tokens.end() - 1);
return true;
}Gargadi na PVS-Studio: An sanya ma'anar 'Identifier->Nau'i' ga kanta. Tsarin TokenLexer.cpp 249
Babu ma'ana a sanya ma'anar canji ga kanta. Wataƙila sun so rubuta:
Identifier->Type = Question->Type;Ɓangare N11: Rashin tuhuma
void SystemZOperand::print(raw_ostream &OS) const {
switch (Kind) {
break;
case KindToken:
OS << "Token:" << getToken();
break;
case KindReg:
OS << "Reg:" << SystemZInstPrinter::getRegisterName(getReg());
break;
....
}Gargadi na PVS-Studio: [CWE-478] Yi la'akari da duba bayanin 'canzawa'. Yana yiwuwa ma'aikacin 'harka' na farko ya ɓace. SystemZAsmParser.cpp 652
Akwai ma'aikaci mai tuhuma sosai a farkon hutu. Shin kun manta rubuta wani abu kuma anan?
Ɓangare N12: Duba mai nuni bayan cirewa
InlineCost AMDGPUInliner::getInlineCost(CallSite CS) {
Function *Callee = CS.getCalledFunction();
Function *Caller = CS.getCaller();
TargetTransformInfo &TTI = TTIWP->getTTI(*Callee);
if (!Callee || Callee->isDeclaration())
return llvm::InlineCost::getNever("undefined callee");
....
}Gargadi na PVS-Studio: [CWE-476] An yi amfani da alamar 'Callee' kafin a tabbatar da ita a kan nullptr. Duba layi: 172, 174. AMDGPUInline.cpp 172
Manuniya Kalli a farkon an soke a lokacin da ake kira aikin samun TTI.
Kuma sai ya zama cewa ya kamata a duba wannan mai nuni don daidaito nulptr:
if (!Callee || Callee->isDeclaration())Amma ya yi latti…
Juzu'i N13 - N...: Duba mai nuna alama bayan cirewa
Halin da aka tattauna a cikin guntun lambar da ta gabata ba ta musamman ba ce. Ya bayyana a nan:
static Value *optimizeDoubleFP(CallInst *CI, IRBuilder<> &B,
bool isBinary, bool isPrecise = false) {
....
Function *CalleeFn = CI->getCalledFunction();
StringRef CalleeNm = CalleeFn->getName(); // <=
AttributeList CalleeAt = CalleeFn->getAttributes();
if (CalleeFn && !CalleeFn->isIntrinsic()) { // <=
....
}Gargadi na PVS-Studio: V595 [CWE-476] An yi amfani da alamar 'CalleeFn' kafin a tabbatar da ita a kan nullptr. Duba layi: 1079, 1081. SimplifyLibCalls.cpp 1079
Kuma a nan:
void Sema::InstantiateAttrs(const MultiLevelTemplateArgumentList &TemplateArgs,
const Decl *Tmpl, Decl *New,
LateInstantiatedAttrVec *LateAttrs,
LocalInstantiationScope *OuterMostScope) {
....
NamedDecl *ND = dyn_cast<NamedDecl>(New);
CXXRecordDecl *ThisContext =
dyn_cast_or_null<CXXRecordDecl>(ND->getDeclContext()); // <=
CXXThisScopeRAII ThisScope(*this, ThisContext, Qualifiers(),
ND && ND->isCXXInstanceMember()); // <=
....
}Gargadi na PVS-Studio: V595 [CWE-476] An yi amfani da alamar 'ND' kafin a tabbatar da ita a kan nullptr. Duba layi: 532, 534. SemaTemplateInstantiateDecl.cpp 532
Kuma a nan:
- V595 [CWE-476] An yi amfani da alamar 'U' kafin a tabbatar da ita a kan nullptr. Duba layi: 404, 407. DWARFormValue.cpp 404
- V595 [CWE-476] An yi amfani da alamar 'ND' kafin a tabbatar da ita a kan nullptr. Duba layi: 2149, 2151. SemaTemplateInstantiate.cpp 2149
Daga nan sai na zama mara sha'awar nazarin gargaɗin mai lamba V595. Don haka ban sani ba ko akwai kurakurai makamantan haka banda waɗanda aka lissafa a nan. Mai yiwuwa akwai.
Juzu'i N17, N18: Canjin tuhuma
static inline bool processLogicalImmediate(uint64_t Imm, unsigned RegSize,
uint64_t &Encoding) {
....
unsigned Size = RegSize;
....
uint64_t NImms = ~(Size-1) << 1;
....
}Gargadi na PVS-Studio: [CWE-190] Yi la'akari da duba '~ (Girman - 1) << 1' magana. Canjin Bit na ƙimar 32-bit tare da haɓaka gaba zuwa nau'in 64-bit. AArch64AddressingModes.h 260
Yana iya zama ba bug ba kuma lambar tana aiki daidai yadda aka yi niyya. Amma a fili wannan wuri ne mai cike da tuhuma kuma yana buƙatar dubawa.
Bari mu ce m size daidai yake da 16, sa'an nan kuma marubucin lambar ya shirya don samun shi a cikin ma'auni NImms ma'ana:
1111111111111111111111111111111111111111111111111111111111100000
Koyaya, a zahiri sakamakon zai kasance:
0000000000000000000000000000000011111111111111111111111111100000
Gaskiyar ita ce, duk lissafin yana faruwa ta amfani da nau'in 32-bit wanda ba a sanya hannu ba. Sannan kawai, wannan nau'in 32-bit wanda ba a sanya hannu ba za a faɗaɗa shi kai tsaye zuwa syeda_tasai. A wannan yanayin, mafi mahimmancin ragi za su zama sifili.
Kuna iya gyara lamarin kamar haka:
uint64_t NImms = ~static_cast<uint64_t>(Size-1) << 1;Irin wannan yanayi: V629 [CWE-190] Yi la'akari da duba kalmar 'Immr << 6'. Canjin Bit na ƙimar 32-bit tare da haɓaka gaba zuwa nau'in 64-bit. AArch64AddressingModes.h 269
Juzu'i N19: Ma'anar kalmar da ta ɓace wani?
void AMDGPUAsmParser::cvtDPP(MCInst &Inst, const OperandVector &Operands) {
....
if (Op.isReg() && Op.Reg.RegNo == AMDGPU::VCC) {
// VOP2b (v_add_u32, v_sub_u32 ...) dpp use "vcc" token.
// Skip it.
continue;
} if (isRegOrImmWithInputMods(Desc, Inst.getNumOperands())) { // <=
Op.addRegWithFPInputModsOperands(Inst, 2);
} else if (Op.isDPPCtrl()) {
Op.addImmOperands(Inst, 1);
} else if (Op.isImm()) {
// Handle optional arguments
OptionalIdx[Op.getImmTy()] = I;
} else {
llvm_unreachable("Invalid operand type");
}
....
}Gargadi na PVS-Studio: [CWE-670] Yi la'akari da bincika dabaru na aikace-aikacen. Yana yiwuwa ma'anar kalmar 'wani' ta ɓace. AMDGPUAsmParser.cpp 5655
Babu kuskure a nan. Tun daga lokacin-block na farko if ya ƙare da ci gaba, to ba komai, akwai keyword wani ko babu. Ko ta yaya code zai yi aiki iri ɗaya. Har yanzu an rasa wani yana sa lambar ba ta da tabbas kuma tana da haɗari. Idan nan gaba ci gaba bace, code zai fara aiki gaba daya daban. A ganina yana da kyau a ƙara wani.
Ɓangare N20: Rubuce-rubuce huɗu iri ɗaya
LLVM_DUMP_METHOD void Symbol::dump(raw_ostream &OS) const {
std::string Result;
if (isUndefined())
Result += "(undef) ";
if (isWeakDefined())
Result += "(weak-def) ";
if (isWeakReferenced())
Result += "(weak-ref) ";
if (isThreadLocalValue())
Result += "(tlv) ";
switch (Kind) {
case SymbolKind::GlobalSymbol:
Result + Name.str(); // <=
break;
case SymbolKind::ObjectiveCClass:
Result + "(ObjC Class) " + Name.str(); // <=
break;
case SymbolKind::ObjectiveCClassEHType:
Result + "(ObjC Class EH) " + Name.str(); // <=
break;
case SymbolKind::ObjectiveCInstanceVariable:
Result + "(ObjC IVar) " + Name.str(); // <=
break;
}
OS << Result;
}Gargadin PVS-Studio:
- V655 [CWE-480] An haɗe igiyoyin amma ba a yi amfani da su ba. Yi la'akari da duba maganganun 'Sakamako + Name.str()'. Alamar.cpp 32
- V655 [CWE-480] An haɗe igiyoyin amma ba a yi amfani da su ba. Yi la'akari da duba 'Sakamakon + "(ObjC Class)" + Name.str ()' furcin. Alamar.cpp 35
- V655 [CWE-480] An haɗe igiyoyin amma ba a yi amfani da su ba. Yi la'akari da duba 'Sakamakon +"(ObjC Class EH)" + Name.str ()" magana. Alamar.cpp 38
- V655 [CWE-480] An haɗe igiyoyin amma ba a yi amfani da su ba. Yi la'akari da duba 'Sakamakon + "(ObjC IVar)" + Name.str ()' furcin. Alamar.cpp 41
Ta hanyar haɗari, ana amfani da afaretan + maimakon mai aiki da +=. Sakamakon shine zane-zane waɗanda ba su da ma'ana.
Juzu'i N21: Halayyar da ba a bayyana ba
static void getReqFeatures(std::map<StringRef, int> &FeaturesMap,
const std::vector<Record *> &ReqFeatures) {
for (auto &R : ReqFeatures) {
StringRef AsmCondString = R->getValueAsString("AssemblerCondString");
SmallVector<StringRef, 4> Ops;
SplitString(AsmCondString, Ops, ",");
assert(!Ops.empty() && "AssemblerCondString cannot be empty");
for (auto &Op : Ops) {
assert(!Op.empty() && "Empty operator");
if (FeaturesMap.find(Op) == FeaturesMap.end())
FeaturesMap[Op] = FeaturesMap.size();
}
}
}Yi ƙoƙarin nemo lambar mai haɗari da kanka. Kuma wannan hoto ne don dauke hankali don kar a kalli amsar nan da nan:
Gargadi na PVS-Studio: [CWE-758] Ana amfani da gini mai haɗari: 'FeaturesMap[Op] = FeaturesMap.size()', inda 'FeaturesMap' ke ajin 'taswira'. Wannan na iya haifar da halayen da ba a bayyana ba. RISCVCompressInstEmitter.cpp 490
Layin matsala:
FeaturesMap[Op] = FeaturesMap.size();Idan kashi Op ba a samo shi ba, sannan an ƙirƙiri sabon kashi a cikin taswirar kuma an rubuta adadin abubuwan da ke cikin wannan taswira a wurin. Ba a san ko za a kira aikin ba size kafin ko bayan ƙara sabon kashi.
Juzu'i N22-N24: Maimaita ayyuka
Error MachOObjectFile::checkSymbolTable() const {
....
} else {
MachO::nlist STE = getSymbolTableEntry(SymDRI);
NType = STE.n_type; // <=
NType = STE.n_type; // <=
NSect = STE.n_sect;
NDesc = STE.n_desc;
NStrx = STE.n_strx;
NValue = STE.n_value;
}
....
}Gargadi na PVS-Studio: [CWE-563] Ana sanya madaidaicin 'NType' ƙima sau biyu a jere. Wataƙila wannan kuskure ne. Duba layi: 1663, 1664. MachOObjectFile.cpp 1664
Bana jin akwai kuskure a nan. Kawai maimaita aikin da ba dole ba. Amma har yanzu kuskure.
Hakanan:
- V519 [CWE-563] Ana sanya madaidaicin 'B.NDesc' dabi'u sau biyu a jere. Wataƙila wannan kuskure ne. Duba layi: 1488, 1489. lvm-nm.cpp 1489
- V519 [CWE-563] Ana sanya madaidaicin ƙima sau biyu a jere. Wataƙila wannan kuskure ne. Duba layi: 59, 61. coff2yaml.cpp 61
Juzu'i N25-N27: Ƙarin sake aiki
Yanzu bari mu kalli wani nau'in sake fasalin aiki daban.
bool Vectorizer::vectorizeLoadChain(
ArrayRef<Instruction *> Chain,
SmallPtrSet<Instruction *, 16> *InstructionsProcessed) {
....
unsigned Alignment = getAlignment(L0);
....
unsigned NewAlign = getOrEnforceKnownAlignment(L0->getPointerOperand(),
StackAdjustedAlignment,
DL, L0, nullptr, &DT);
if (NewAlign != 0)
Alignment = NewAlign;
Alignment = NewAlign;
....
}Gargadi na PVS-Studio: V519 [CWE-563] Ana sanya madaidaicin 'daidaitacce' ƙima sau biyu a jere. Wataƙila wannan kuskure ne. Duba layi: 1158, 1160. LoadStoreVectorizer.cpp 1160
Wannan bakon lamba ce wacce da alama ta ƙunshi kuskuren ma'ana. A farkon, m jeri an sanya darajar dangane da yanayin. Sannan aikin ya sake faruwa, amma yanzu ba tare da wani bincike ba.
Ana iya ganin irin wannan yanayi a nan:
- V519 [CWE-563] Ana sanya madaidaicin 'Tasirin' ƙima sau biyu a jere. Wataƙila wannan kuskure ne. Duba layi: 152, 165. WebAssemblyRegStackify.cpp 165
- V519 [CWE-563] Ana sanya madaidaicin 'ExpectNoDerefChunk' ƙima sau biyu a jere. Wataƙila wannan kuskure ne. Duba layi: 4970, 4973. SemaType.cpp 4973
Juzu'i N28: Koyaushe yanayin gaskiya
static int readPrefixes(struct InternalInstruction* insn) {
....
uint8_t byte = 0;
uint8_t nextByte;
....
if (byte == 0xf3 && (nextByte == 0x88 || nextByte == 0x89 ||
nextByte == 0xc6 || nextByte == 0xc7)) {
insn->xAcquireRelease = true;
if (nextByte != 0x90) // PAUSE instruction support // <=
break;
}
....
}Gargadi na PVS-Studio: [CWE-571] Maganar 'nextByte!= 0x90' gaskiya ne koyaushe. X86DisassemblerDecoder.cpp 379
Dubawa baya da ma'ana. Mai canzawa nextByte ko da yaushe baya daidai da darajar 0x90, wanda ya biyo baya daga rajistan da ya gabata. Wannan wani nau'in kuskure ne na hankali.
Juzu'i N29 - N...: Koyaushe gaskiya/Sharuɗɗan ƙarya
Mai nazari yana ba da gargaɗi da yawa cewa yanayin gaba ɗaya () ko sashinsa () ko da yaushe gaskiya ne ko karya. Yawancin lokaci waɗannan ba kurakurai ba ne na gaske, amma kawai lambobi mara kyau, sakamakon fadada macro, da makamantansu. Duk da haka, yana da ma'ana mu kalli waɗannan gargaɗin, tun da kurakurai na gaskiya na faruwa lokaci zuwa lokaci. Misali, wannan sashin lambar yana da shakku:
static DecodeStatus DecodeGPRPairRegisterClass(MCInst &Inst, unsigned RegNo,
uint64_t Address, const void *Decoder) {
DecodeStatus S = MCDisassembler::Success;
if (RegNo > 13)
return MCDisassembler::Fail;
if ((RegNo & 1) || RegNo == 0xe)
S = MCDisassembler::SoftFail;
....
}Gargadi na PVS-Studio: [CWE-570] Wani ɓangare na maganganun sharadi koyaushe ƙarya ne: RegNo == 0xe. ARMDisassembler.cpp 939
0xE akai-akai shine ƙimar 14 a cikin ƙima. jarrabawa RegNo == 0xe baya da hankali domin idan RegNo> 13, to aikin zai kammala aiwatar da shi.
Akwai wasu gargaɗi da yawa tare da ID V547 da V560, amma kamar yadda suke , Ban sha'awar yin nazarin waɗannan gargaɗin ba. Ya riga ya bayyana cewa ina da isasshen abu don rubuta labarin :). Don haka, ba a san adadin kurakuran irin wannan ba a cikin LLVM ta amfani da PVS-Studio.
Zan ba ku misalin dalilin da ya sa yin nazarin waɗannan abubuwan da ke haifar da damuwa yana da ban sha'awa. Mai tantancewa yana da cikakkiyar dama wajen ba da gargaɗi don lambar mai zuwa. Amma wannan ba kuskure ba ne.
bool UnwrappedLineParser::parseBracedList(bool ContinueOnSemicolons,
tok::TokenKind ClosingBraceKind) {
bool HasError = false;
....
HasError = true;
if (!ContinueOnSemicolons)
return !HasError;
....
}Gargadi na PVS-Studio: V547 [CWE-570] Bayyanawa '!HasError' koyaushe ƙarya ne. UnwrappedLineParser.cpp 1635
Juzu'i N30: Komawar tuhuma
static bool
isImplicitlyDef(MachineRegisterInfo &MRI, unsigned Reg) {
for (MachineRegisterInfo::def_instr_iterator It = MRI.def_instr_begin(Reg),
E = MRI.def_instr_end(); It != E; ++It) {
return (*It).isImplicitDef();
}
....
}Gargadi na PVS-Studio: [CWE-670] 'dawo' mara iyaka a cikin madauki. R600EptimizeVectorRegisters.cpp 63
Wannan ko dai kuskure ne ko wata fasaha ta musamman da aka yi niyya don bayyana wani abu ga masu shirye-shiryen karanta lambar. Wannan ƙirar ba ta bayyana min komai ba kuma tana da shakku sosai. Zai fi kyau kada a rubuta kamar haka :).
Gaji? Sannan lokacin yin shayi ko kofi yayi.
Lalacewar da aka gano ta sabbin bincike
Ina tsammanin kunnawa 30 na tsofaffin bincike ya isa. Bari yanzu mu ga abin da za a iya samun abubuwa masu ban sha'awa tare da sabon binciken da ya bayyana a cikin mai nazari bayan cak. A wannan lokacin, an ƙara jimillar bincike-binciken maƙasudin maƙasudi guda 66 a cikin mai nazarin C++.
Juzu'i N31: Lambar da ba za a iya kaiwa ba
Error CtorDtorRunner::run() {
....
if (auto CtorDtorMap =
ES.lookup(JITDylibSearchList({{&JD, true}}), std::move(Names),
NoDependenciesToRegister, true))
{
....
return Error::success();
} else
return CtorDtorMap.takeError();
CtorDtorsByPriority.clear();
return Error::success();
}Gargadi na PVS-Studio: [CWE-561] An gano lambar da ba za a iya kaiwa ba. Yana yiwuwa kuskure ya kasance. ExecutionUtils.cpp 146
Kamar yadda kake gani, duka rassan mai aiki if ya ƙare da kira zuwa ga afareta samu. Saboda haka, akwati CtorDtorsByPriority ba za a taba sharewa ba.
Juzu'i N32: Lambar da ba za a iya kaiwa ba
bool LLParser::ParseSummaryEntry() {
....
switch (Lex.getKind()) {
case lltok::kw_gv:
return ParseGVEntry(SummaryID);
case lltok::kw_module:
return ParseModuleEntry(SummaryID);
case lltok::kw_typeid:
return ParseTypeIdEntry(SummaryID); // <=
break; // <=
default:
return Error(Lex.getLoc(), "unexpected summary kind");
}
Lex.setIgnoreColonInIdentifiers(false); // <=
return false;
}Gargadi na PVS-Studio: V779 [CWE-561] An gano lambar da ba za a iya kaiwa ba. Yana yiwuwa kuskure ya kasance. LLParser.cpp 835
Halin ban sha'awa. Bari mu fara duba wannan wuri:
return ParseTypeIdEntry(SummaryID);
break;A kallo na farko, da alama babu kuskure a nan. Yana kama da mai aiki hutu akwai ƙarin a nan, kuma za ku iya share shi kawai. Duk da haka, ba duka ba ne mai sauƙi.
Mai nazari yana ba da gargaɗi akan layukan:
Lex.setIgnoreColonInIdentifiers(false);
return false;Kuma hakika, wannan lambar ba za ta iya isa ba. Duk lokuta a canza yana ƙare da kira daga afareta samu. Kuma yanzu mara hankali kadai hutu bai yi kama da mara lahani ba! Wataƙila ɗaya daga cikin rassan ya kamata ya ƙare da hutuba a samu?
Juzu'i N33: Bazuwar sake saitin manyan ragi
unsigned getStubAlignment() override {
if (Arch == Triple::systemz)
return 8;
else
return 1;
}
Expected<unsigned>
RuntimeDyldImpl::emitSection(const ObjectFile &Obj,
const SectionRef &Section,
bool IsCode) {
....
uint64_t DataSize = Section.getSize();
....
if (StubBufSize > 0)
DataSize &= ~(getStubAlignment() - 1);
....
}Gargadi na PVS-Studio: Girman abin rufe fuska bit bai kai girman operand na farko ba. Wannan zai haifar da asarar mafi girma bits. RuntimeDyld.cpp 815
Lura cewa aikin samunStubAalignment nau'in dawowa ba a haɗa ba. Bari mu lissafta ƙimar magana, muna ɗauka cewa aikin ya dawo da ƙimar 8:
() - 1 ()
(8u-1)
0xFFFFFFFF8u
Yanzu lura cewa m Girman Data yana da nau'in 64-bit mara sa hannu. Ya bayyana cewa lokacin yin aikin DataSize & 0xFFFFFFF8u, za a sake saita duk manyan ragi guda talatin da biyu zuwa sifili. Mafi mahimmanci, wannan ba shine abin da mai shirye-shiryen ke so ba. Ina tsammanin yana so ya lissafta: DataSize & 0xFFFFFFFFFFFFFFFF8u.
Don gyara kuskuren, ya kamata ku rubuta wannan:
DataSize &= ~(static_cast<uint64_t>(getStubAlignment()) - 1);Ko kuma haka:
DataSize &= ~(getStubAlignment() - 1ULL);Juzu'i N34: Nau'in simintin gyare-gyaren da ba a yi nasara ba
template <typename T>
void scaleShuffleMask(int Scale, ArrayRef<T> Mask,
SmallVectorImpl<T> &ScaledMask) {
assert(0 < Scale && "Unexpected scaling factor");
int NumElts = Mask.size();
ScaledMask.assign(static_cast<size_t>(NumElts * Scale), -1);
....
}Gargadi na PVS-Studio: [CWE-190] Mai yuwuwar ambaliya. Yi la'akari da jefa operands na 'NumElts * Scale' afareta zuwa nau'in 'size_t', ba sakamakon ba. X86ISelLowering.h 1577
Ana amfani da fiyayyen nau'in simintin gyare-gyare don guje wa ambaliya yayin da ake ninka nau'in masu canji int. Koyaya, nau'in simintin simintin gyare-gyare a nan baya karewa daga ambaliya. Na farko, za a ninka masu canji, sannan kawai sakamakon 32-bit na ninkawa za a faɗaɗa zuwa nau'in. .
Juzu'i N35: Rashin Kwafi-Manna
Instruction *InstCombiner::visitFCmpInst(FCmpInst &I) {
....
if (!match(Op0, m_PosZeroFP()) && isKnownNeverNaN(Op0, &TLI)) {
I.setOperand(0, ConstantFP::getNullValue(Op0->getType()));
return &I;
}
if (!match(Op1, m_PosZeroFP()) && isKnownNeverNaN(Op1, &TLI)) {
I.setOperand(1, ConstantFP::getNullValue(Op0->getType())); // <=
return &I;
}
....
}[CWE-682] An sami guntuwar lamba guda biyu iri ɗaya. Wataƙila, wannan typo ne kuma ya kamata a yi amfani da mabambanta 'Op1' maimakon 'Op0'. InstCombineCompares.cpp 5507
Wannan sabon bincike mai ban sha'awa ya gano yanayin da aka kwafi lambar kuma an fara canza wasu sunaye a ciki, amma a wuri guda ba su gyara ba.
Lura cewa a cikin shinge na biyu sun canza Op0 a kan Op1. Amma a wuri guda ba su gyara shi ba. Mai yiwuwa an rubuta shi kamar haka:
if (!match(Op1, m_PosZeroFP()) && isKnownNeverNaN(Op1, &TLI)) {
I.setOperand(1, ConstantFP::getNullValue(Op1->getType()));
return &I;
}Juzu'i N36: Rudani Mai Ma'ana
struct Status {
unsigned Mask;
unsigned Mode;
Status() : Mask(0), Mode(0){};
Status(unsigned Mask, unsigned Mode) : Mask(Mask), Mode(Mode) {
Mode &= Mask;
};
....
};Gargadi na PVS-Studio: [CWE-563] An sanya madaidaicin 'Yanayin' amma ba'a amfani da shi zuwa ƙarshen aikin. SIModeRegister.cpp 48
Yana da matukar haɗari a ba da hujjar aiki sunaye iri ɗaya da ƴan aji. Yana da sauƙin ruɗewa. Muna da irin wannan harka a gabanmu. Wannan magana ba ta da ma'ana:
Mode &= Mask;Hujjar aikin tana canzawa. Shi ke nan. An daina amfani da wannan hujja. Wataƙila ya kamata ka rubuta shi kamar haka:
Status(unsigned Mask, unsigned Mode) : Mask(Mask), Mode(Mode) {
this->Mode &= Mask;
};Juzu'i N37: Rudani Mai Ma'ana
class SectionBase {
....
uint64_t Size = 0;
....
};
class SymbolTableSection : public SectionBase {
....
};
void SymbolTableSection::addSymbol(Twine Name, uint8_t Bind, uint8_t Type,
SectionBase *DefinedIn, uint64_t Value,
uint8_t Visibility, uint16_t Shndx,
uint64_t Size) {
....
Sym.Value = Value;
Sym.Visibility = Visibility;
Sym.Size = Size;
Sym.Index = Symbols.size();
Symbols.emplace_back(llvm::make_unique<Symbol>(Sym));
Size += this->EntrySize;
}Gargadi PVS-Studio: V1001 [CWE-563] Ana sanya madaidaicin 'Size' amma ba a yi amfani da shi a ƙarshen aikin ba. Abu.cpp 424
Lamarin dai yayi kama da na baya. Ya kamata a rubuta:
this->Size += this->EntrySize;Juzu'i N38-N47: Sun manta da duba index
A baya, mun kalli misalan haifar da bincike . Mahimmancinsa shine cewa an kawar da mai nuni a farkon, sannan kawai a duba. Binciken matasa sabanin haka a ma’ana, amma kuma yana bayyana kurakurai da yawa. Yana bayyana yanayi inda aka duba mai nuni a farkon sannan aka manta da yin hakan. Bari mu kalli irin waɗannan lokuta da aka samu a cikin LLVM.
int getGEPCost(Type *PointeeType, const Value *Ptr,
ArrayRef<const Value *> Operands) {
....
if (Ptr != nullptr) { // <=
assert(....);
BaseGV = dyn_cast<GlobalValue>(Ptr->stripPointerCasts());
}
bool HasBaseReg = (BaseGV == nullptr);
auto PtrSizeBits = DL.getPointerTypeSizeInBits(Ptr->getType()); // <=
....
}Gargadi na PVS-Studio: V1004 [CWE-476] An yi amfani da alamar 'Ptr' ba tare da tsaro ba bayan an tabbatar da ita a kan nullptr. Duba layi: 729, 738. TargetTransformInfoImpl.h 738
Mai canzawa Ptr zai iya zama daidai nulptr, kamar yadda bincike ya tabbatar:
if (Ptr != nullptr)Koyaya, a ƙasan wannan mai nuna an soke shi ba tare da tantancewa na farko ba:
auto PtrSizeBits = DL.getPointerTypeSizeInBits(Ptr->getType());Bari mu yi la’akari da wani lamari makamancin haka.
llvm::DISubprogram *CGDebugInfo::getFunctionFwdDeclOrStub(GlobalDecl GD,
bool Stub) {
....
auto *FD = dyn_cast<FunctionDecl>(GD.getDecl());
SmallVector<QualType, 16> ArgTypes;
if (FD) // <=
for (const ParmVarDecl *Parm : FD->parameters())
ArgTypes.push_back(Parm->getType());
CallingConv CC = FD->getType()->castAs<FunctionType>()->getCallConv(); // <=
....
}Gargadi na PVS-Studio: V1004 [CWE-476] An yi amfani da alamar 'FD' ba tare da tsaro ba bayan an tabbatar da ita a kan nullptr. Duba layi: 3228, 3231. CGDebugInfo.cpp 3231
Kula da alamar FD. Na tabbata matsalar a bayyane take kuma ba a buƙatar bayani na musamman.
Sannan kuma:
static void computePolynomialFromPointer(Value &Ptr, Polynomial &Result,
Value *&BasePtr,
const DataLayout &DL) {
PointerType *PtrTy = dyn_cast<PointerType>(Ptr.getType());
if (!PtrTy) { // <=
Result = Polynomial();
BasePtr = nullptr;
}
unsigned PointerBits =
DL.getIndexSizeInBits(PtrTy->getPointerAddressSpace()); // <=
....
}Gargadi na PVS-Studio: V1004 [CWE-476] An yi amfani da alamar 'PtrTy' ba tare da tsaro ba bayan an tabbatar da ita a kan nullptr. Duba layi: 960, 965. InterleavedLoadCombinePass.cpp 965
Yadda za a kare kanka daga irin waɗannan kurakurai? Kasance mai mai da hankali kan Code-Review kuma yi amfani da PVS-Studio static analyzer don bincika lambar ku akai-akai.
Babu wata ma'ana a cikin ambaton wasu guntuwar lambobi tare da kurakurai irin wannan. Zan bar jerin gargaɗi kawai a cikin labarin:
- V1004 [CWE-476] An yi amfani da alamar 'Expr' mara aminci bayan an tabbatar da ita a kan nullptr. Duba layi: 1049, 1078. DebugInfoMetadata.cpp 1078
- V1004 [CWE-476] An yi amfani da alamar 'PI' mara aminci bayan an tabbatar da ita a kan nullptr. Duba layi: 733, 753. LegacyPassManager.cpp 753
- V1004 [CWE-476] An yi amfani da alamar 'StatepointCall' ba tare da tsaro ba bayan an tabbatar da ita a kan nullptr. Duba layi: 4371, 4379. Verifier.cpp 4379
- V1004 [CWE-476] An yi amfani da alamar 'RV' ba tare da tsaro ba bayan an tabbatar da ita a kan nullptr. Duba layi: 2263, 2268. TGParser.cpp 2268
- V1004 [CWE-476] An yi amfani da alamar 'CalleeFn' mara aminci bayan an tabbatar da ita a kan nullptr. Duba layi: 1081, 1096. SimplifyLibCalls.cpp 1096
- V1004 [CWE-476] An yi amfani da alamar 'TC' ba tare da tsaro ba bayan an tabbatar da ita a kan nullptr. Duba layi: 1819, 1824. Driver.cpp 1824
Juzu'i N48-N60: Ba mahimmanci ba, amma lahani (yiwuwar ƙwaƙwalwar ajiya)
std::unique_ptr<IRMutator> createISelMutator() {
....
std::vector<std::unique_ptr<IRMutationStrategy>> Strategies;
Strategies.emplace_back(
new InjectorIRStrategy(InjectorIRStrategy::getDefaultOps()));
....
}Gargadi na PVS-Studio: [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Dabarun' ta hanyar 'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. lvm-isel-fuzzer.cpp 58
Don ƙara wani abu zuwa ƙarshen akwati kamar std:: vector > ba za ku iya rubuta kawai ba xxx.push_back(sabon X), tunda babu fayyace tuba daga X* в std :: musamman_ptr.
Magani na gama gari shine rubutu xxx.emplace_back(sabon X)tunda ya hada: hanya emplace_baya yana gina wani kashi kai tsaye daga gardamar sa don haka yana iya amfani da fayyace magina.
Ba lafiya. Idan vector ya cika, to, ƙwaƙwalwar ajiya an sake sanyawa. Ayyukan wurin žwažwalwar ajiya na iya gazawa, yana haifar da keɓancewar jifa std :: bad_alloc. A wannan yanayin, mai nuni zai ɓace kuma abin da aka ƙirƙira ba zai taɓa gogewa ba.
Amintaccen bayani shine ƙirƙirar musamman_ptrwanda zai mallaki ma'auni kafin vector yayi ƙoƙarin gano wurin ƙwaƙwalwar ajiya:
xxx.push_back(std::unique_ptr<X>(new X))Tun C ++14, zaku iya amfani da 'std :: make_unique':
xxx.push_back(std::make_unique<X>())Irin wannan lahani ba shi da mahimmanci ga LLVM. Idan ba za a iya keɓance ƙwaƙwalwar ajiya ba, mai tarawa zai tsaya kawai. Duk da haka, don aikace-aikace tare da dogon lokaci , wanda ba zai iya ƙarewa kawai idan rabon ƙwaƙwalwar ajiya ya kasa, wannan na iya zama ainihin kuskuren kuskure.
Don haka, kodayake wannan lambar ba ta haifar da barazana mai amfani ga LLVM ba, na ga yana da amfani don yin magana game da wannan ƙirar kuskure kuma mai nazarin PVS-Studio ya koyi gano shi.
Sauran gargaɗin irin wannan:
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Passes' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. PassManager.h 546
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'AAs' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. AliasAnalysis.h 324
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati na 'Shigarwar' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. DWARFDebugFrame.cpp 519
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'AllEdges' ta hanyar 'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. CFGMST.h 268
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati na 'VMaps' ta hanyar 'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. SimpleLoopUnswitch.cpp 2012
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Records' ta hanyar 'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. FDRLogBuilder.h 30
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'PendingSubmodules' ta hanyar 'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. ModuleMap.cpp 810
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Abubuwa' ta hanyar 'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. DebugMap.cpp 88
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Dabarun' ta hanyar 'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. lvm-isel-fuzzer.cpp 60
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Masu gyara' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. lvm-stress.cpp 685
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Masu gyara' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. lvm-stress.cpp 686
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Masu gyara' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. lvm-stress.cpp 688
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Masu gyara' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. lvm-stress.cpp 689
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Masu gyara' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. lvm-stress.cpp 690
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Masu gyara' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. lvm-stress.cpp 691
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Masu gyara' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. lvm-stress.cpp 692
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Masu gyara' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. lvm-stress.cpp 693
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Masu gyara' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. lvm-stress.cpp 694
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin kwandon 'Operands' ta hanyar'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. GlobalISelEmitter.cpp 1911
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Stash' ta hanyar 'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. GlobalISelEmitter.cpp 2100
- V1023 [CWE-460] Ana ƙara mai nuni ba tare da mai shi ba a cikin akwati 'Matchers' ta hanyar 'emplace_back'. Ƙwaƙwalwar ƙwaƙwalwa zai faru idan akwai keɓancewa. GlobalISelEmitter.cpp 2702
ƙarshe
Na ba da gargadi 60 gaba daya sannan na tsaya. Shin akwai wasu lahani waɗanda mai nazarin PVS-Studio ya gano a cikin LLVM? Ee, ina da. Duk da haka, sa’ad da nake rubuta ɓangarorin talifi na talifin, da yamma ya yi, ko kuma ma dare ne, kuma na yanke shawarar cewa lokaci ya yi da zan kira shi da rana.
Ina fatan kun samo shi mai ban sha'awa kuma za ku so gwada PVS-Studio analyzer.
Kuna iya saukar da analyzer kuma ku sami maɓallin ma'adinai a .
Mafi mahimmanci, yi amfani da bincike akai-akai. Binciken lokaci guda, wanda mu ke aiwatarwa don yada hanyoyin bincike a tsaye da PVS-Studio ba yanayin al'ada ba ne.
Sa'a mai kyau don inganta inganci da amincin lambar ku!
Idan kuna son raba wannan labarin tare da masu sauraron Ingilishi, da fatan za a yi amfani da hanyar haɗin fassarar: Andrey Karpov. .
source: www.habr.com