Finding bugs in LLVM 8 with the PVS-Studio analyzer

More than two years have passed since the last check of the LLVM project code with our PVS-Studio analyzer. Let's make sure that the PVS-Studio analyzer is still a leading tool for identifying errors and potential vulnerabilities. To do this, we will check the LLVM 8.0.0 release and find new errors in it.

The article that had to be written

To be honest, I didn't want to write this article. It isn't interesting to write about a project that we have already checked several times (1, 2, 3). It's better to write about something new, but I have no choice.

Every time a new version of LLVM is released or Clang Static Analyzer is updated, we get questions of this kind in our mailbox:

Look, the new version of Clang Static Analyzer has learned to find new errors! It seems to me that the relevance of using PVS-Studio is decreasing. Clang finds more errors than before and is catching up with the capabilities of PVS-Studio. What do you think about this?

To this I always want to answer something like:

We aren't sitting idle either! We have significantly improved the capabilities of the PVS-Studio analyzer. So don't worry, we keep leading the way as before.

Unfortunately, this is a bad answer. There is no evidence in it. And that is why I am writing this article now. So, the LLVM project has been checked once again and various errors have been found. Now I will show those that seemed interesting to me. Clang Static Analyzer cannot find these errors (or it is very difficult to do so with its help). But we can. Moreover, I found and wrote down all these errors in one evening.

But writing the article took several weeks. I just couldn't bring myself to put all of this into text :).

By the way, if you are interested in which technologies the PVS-Studio analyzer uses to identify errors and potential vulnerabilities, I suggest reading this note.

New and old diagnostics

As already mentioned, about two years ago the LLVM project was checked once again, and the errors found were fixed. Now this article will present a new batch of errors. Why were new bugs found? There are 3 reasons for this:

  1. The LLVM project is evolving, changing the old code and adding new code. Naturally, there are new errors in the modified and newly written code. This clearly demonstrates that static analysis should be used regularly, not occasionally. Our articles show the capabilities of the PVS-Studio analyzer well, but this has nothing to do with improving code quality and reducing the cost of fixing errors. Use a static code analyzer regularly!
  2. We are refining and improving existing diagnostics. Therefore, the analyzer can identify errors that it did not notice during previous checks.
  3. New diagnostics have appeared in PVS-Studio that did not exist 2 years ago. I decided to highlight them in a separate section to clearly show the development of PVS-Studio.

Defects identified by diagnostics that existed 2 years ago

Fragment N1: Copy-Paste

static bool ShouldUpgradeX86Intrinsic(Function *F, StringRef Name) {
  if (Name == "addcarryx.u32" || // Added in 8.0
    ....
    Name == "avx512.mask.cvtps2pd.128" || // Added in 7.0
    Name == "avx512.mask.cvtps2pd.256" || // Added in 7.0
    Name == "avx512.cvtusi2sd" || // Added in 7.0
    Name.startswith("avx512.mask.permvar.") || // Added in 7.0     // <=
    Name.startswith("avx512.mask.permvar.") || // Added in 7.0     // <=
    Name == "sse2.pmulu.dq" || // Added in 7.0
    Name == "sse41.pmuldq" || // Added in 7.0
    Name == "avx2.pmulu.dq" || // Added in 7.0
  ....
}

PVS-Studio warning: V501 [CWE-570] There are identical sub-expressions 'Name.startswith("avx512.mask.permvar.")' to the left and to the right of the '||' operator. AutoUpgrade.cpp 73

It is checked twice that the name begins with the substring "avx512.mask.permvar.". In the second check, they obviously wanted to write something else, but forgot to correct the copied text.

Fragment N2: Typo

enum CXNameRefFlags {
  CXNameRange_WantQualifier = 0x1,
  CXNameRange_WantTemplateArgs = 0x2,
  CXNameRange_WantSinglePiece = 0x4
};

void AnnotateTokensWorker::HandlePostPonedChildCursor(
    CXCursor Cursor, unsigned StartTokenIndex) {
  const auto flags = CXNameRange_WantQualifier | CXNameRange_WantQualifier;
  ....
}

PVS-Studio warning: V501 There are identical sub-expressions 'CXNameRange_WantQualifier' to the left and to the right of the '|' operator. CIndex.cpp 7245

Due to a typo, the same named constant CXNameRange_WantQualifier is used twice.

Fragment N3: Confusion with operator precedence

int PPCTTIImpl::getVectorInstrCost(unsigned Opcode, Type *Val, unsigned Index) {
  ....
  if (ISD == ISD::EXTRACT_VECTOR_ELT && Index == ST->isLittleEndian() ? 1 : 0)
    return 0;
  ....
}

PVS-Studio warning: V502 [CWE-783] Perhaps the '?:' operator works in a different way than it was expected. The '?:' operator has a lower priority than the '==' operator. PPCTargetTransformInfo.cpp 404

In my opinion, this is a very beautiful error. Yes, I know that I have strange ideas about beauty :).

Now, according to operator precedence, the expression is evaluated as follows:

(ISD == ISD::EXTRACT_VECTOR_ELT && (Index == ST->isLittleEndian())) ? 1 : 0

From a practical point of view, such a condition makes no sense, since it can be reduced to:

(ISD == ISD::EXTRACT_VECTOR_ELT && Index == ST->isLittleEndian())

This is an obvious error. Most likely, they wanted to compare 0/1 with the variable Index. To fix the code, you need to add parentheses around the ternary operator:

if (ISD == ISD::EXTRACT_VECTOR_ELT && Index == (ST->isLittleEndian() ? 1 : 0))

By the way, the ternary operator is very dangerous and provokes logical errors. Be very careful with it and don't be stingy with parentheses. I looked at this topic in more detail here, in the chapter "Beware the ?: operator and enclose it in parentheses".
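To make the two parses of the condition from Fragment N3 visible side by side, here is an added example (not LLVM's code). It generalises the page's case: the endianness query is replaced by a hypothetical integer mode value, because with a plain bool (which converts to 0 or 1) the two groupings happen to agree, and that coincidence is exactly what makes the mistake easy to overlook; with any other value they diverge. ISD::EXTRACT_VECTOR_ELT is replaced by an arbitrary constant.

```cpp
// Stand-in for ISD::EXTRACT_VECTOR_ELT; the value itself is arbitrary.
constexpr unsigned kExtractVectorElt = 1;

// Same token sequence as the original condition. '?:' binds weakest, so
// this is parsed as ((opcode == kExtractVectorElt && index == mode) ? 1 : 0):
// 'index' is compared with 'mode' itself, and the ternary merely turns the
// boolean result back into 1 or 0.
bool returnsZeroCostAsWritten(unsigned opcode, unsigned index, unsigned mode) {
  if (opcode == kExtractVectorElt && index == mode ? 1 : 0)
    return true;
  return false;
}

// The grouping the author presumably meant: 'index' is compared with the
// 1 or 0 selected by the ternary operator.
bool returnsZeroCostIntended(unsigned opcode, unsigned index, unsigned mode) {
  if (opcode == kExtractVectorElt && index == (mode ? 1 : 0))
    return true;
  return false;
}
```

For mode values 0 and 1 both functions agree; for mode == 2 and index == 2 the as-written form returns true while the intended form returns false, and for index == 1 the results swap.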

Fragment N4, N5: Null pointer

Init *TGParser::ParseValue(Record *CurRec, RecTy *ItemType, IDParseMode Mode) {
  ....
  TypedInit *LHS = dyn_cast<TypedInit>(Result);
  ....
  LHS = dyn_cast<TypedInit>(
    UnOpInit::get(UnOpInit::CAST, LHS, StringRecTy::get())
      ->Fold(CurRec));
  if (!LHS) {
    Error(PasteLoc, Twine("can't cast '") + LHS->getAsString() +
                    "' to string");
    return nullptr;
  }
  ....
}

PVS-Studio warning: V522 [CWE-476] Dereferencing of the null pointer 'LHS' might take place. TGParser.cpp 2152

If the LHS pointer is null, a warning should be issued. However, instead, this very null pointer will be dereferenced: LHS->getAsString().

This is a very typical situation: the error is hidden in the error handler, since nobody tests those. Static analyzers check all reachable code, regardless of how often it is executed. This is a very good example of how static analysis complements other testing and error-protection techniques.

A similar error in handling the RHS pointer is made in the code below: V522 [CWE-476] Dereferencing of the null pointer 'RHS' might take place. TGParser.cpp 2186

Fragment N6: Using a pointer after a move

static Expected<bool>
ExtractBlocks(....)
{
  ....
  std::unique_ptr<Module> ProgClone = CloneModule(BD.getProgram(), VMap);
  ....
  BD.setNewProgram(std::move(ProgClone));                                // <=
  MiscompiledFunctions.clear();

  for (unsigned i = 0, e = MisCompFunctions.size(); i != e; ++i) {
    Function *NewF = ProgClone->getFunction(MisCompFunctions[i].first);  // <=
    assert(NewF && "Function not found??");
    MiscompiledFunctions.push_back(NewF);
  }
  ....
}

PVS-Studio warning: V522 [CWE-476] Dereferencing of the null pointer 'ProgClone' might take place. Miscompilation.cpp 601

At the beginning, the smart pointer ProgClone gives up ownership of the object:

BD.setNewProgram(std::move(ProgClone));

In fact, ProgClone is now a null pointer. Therefore, a null pointer dereference should occur in the following line:

Function *NewF = ProgClone->getFunction(MisCompFunctions[i].first);

But, in fact, this will not happen! Note that the loop is not actually executed.

At the beginning, the MiscompiledFunctions container is cleared:

MiscompiledFunctions.clear();

Next, the size of this container is used in the loop condition:

for (unsigned i = 0, e = MisCompFunctions.size(); i != e; ++i) {

It is easy to see that the loop does not start. I think this is also a bug and the code should be written differently.

It seems we have encountered that famous parity of errors! One error masks another :).

Fragment N7: Using a pointer after a move

static Expected<bool> TestOptimizer(BugDriver &BD, std::unique_ptr<Module> Test,
                                    std::unique_ptr<Module> Safe) {
  outs() << "  Optimizing functions being tested: ";
  std::unique_ptr<Module> Optimized =
      BD.runPassesOn(Test.get(), BD.getPassesToRun());
  if (!Optimized) {
    errs() << " Error running this sequence of passes"
           << " on the input program!\n";
    BD.setNewProgram(std::move(Test));                       // <=
    BD.EmitProgressBitcode(*Test, "pass-error", false);      // <=
    if (Error E = BD.debugOptimizerCrash())
      return std::move(E);
    return false;
  }
  ....
}

PVS-Studio warning: V522 [CWE-476] Dereferencing of the null pointer 'Test' might take place. Miscompilation.cpp 709

The same situation again. First, the contents of the object are moved, and then it is used as if nothing had happened. I see this situation in program code more and more often since move semantics appeared in C++. This is why I love the C++ language! There are more and more new ways to shoot yourself in the foot. The PVS-Studio analyzer will always have work :).
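The pattern behind Fragments N6 and N7, as an added example that is not part of LLVM's code: a std::unique_ptr is handed to a sink and then read again. The types Program and Owner are hypothetical stand-ins for Module and BugDriver; setNewProgram mirrors the call in the fragments. The last two functions show the two safe orderings: take the information you need before the move, or go through the new owner afterwards.

```cpp
#include <memory>
#include <string>
#include <utility>

// Stand-in for llvm::Module (constructed for this example).
struct Program {
  std::string name;
  int functionCount;
  Program(std::string n, int c) : name(std::move(n)), functionCount(c) {}
};

// Stand-in for BugDriver: takes ownership of the program it is given.
struct Owner {
  std::unique_ptr<Program> current;
  void setNewProgram(std::unique_ptr<Program> p) { current = std::move(p); }
};

// The bug shape: ownership is transferred first, then the moved-from
// unique_ptr is still around. The standard guarantees the source of a move
// is left null, so any 'prog->' after this point is a null dereference.
// The function only reports that state instead of dereferencing it.
bool movedFromPointerIsNull() {
  Owner owner;
  std::unique_ptr<Program> prog(new Program("clone", 3));
  owner.setNewProgram(std::move(prog));
  return prog == nullptr && owner.current != nullptr;
}

// Safe ordering 1: keep a non-owning view before giving the object away.
// The object itself is not destroyed by the move, only its owner changes.
int readThroughRawPointerTakenBeforeMove() {
  Owner owner;
  std::unique_ptr<Program> prog(new Program("clone", 3));
  Program *raw = prog.get();
  owner.setNewProgram(std::move(prog));
  return raw->functionCount;
}

// Safe ordering 2: after the move, address the object via its new owner.
int readThroughNewOwner() {
  Owner owner;
  std::unique_ptr<Program> prog(new Program("clone", 3));
  owner.setNewProgram(std::move(prog));
  return owner.current->functionCount;
}
```

Compilers with -Wuse-after-move (Clang) or clang-tidy's bugprone-use-after-move flag the first shape directly; the analyzer warning quoted above is the same finding expressed as a possible null dereference.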

Fragment N8: Null pointer

void FunctionDumper::dump(const PDBSymbolTypeFunctionArg &Symbol) {
  uint32_t TypeId = Symbol.getTypeId();
  auto Type = Symbol.getSession().getSymbolById(TypeId);
  if (Type)
    Printer << "<unknown-type>";
  else
    Type->dump(*this);
}

PVS-Studio warning: V522 [CWE-476] Dereferencing of the null pointer 'Type' might take place. PrettyFunctionDumper.cpp 233

In addition to error handlers, debug output functions are usually not tested either. We have just such a case before us. The function is waiting for the user who, instead of solving his own problems, will be forced to fix it.

Correct:

if (Type)
  Type->dump(*this);
else
  Printer << "<unknown-type>";

Fragment N9: Null pointer

void SearchableTableEmitter::collectTableEntries(
    GenericTable &Table, const std::vector<Record *> &Items) {
  ....
  RecTy *Ty = resolveTypes(Field.RecType, TI->getType());
  if (!Ty)                                                              // <=
    PrintFatalError(Twine("Field '") + Field.Name + "' of table '" +
                    Table.Name + "' has incompatible type: " +
                    Ty->getAsString() + " vs. " +                       // <=
                    TI->getType()->getAsString());
   ....
}

PVS-Studio warning: V522 [CWE-476] Dereferencing of the null pointer 'Ty' might take place. SearchableTableEmitter.cpp 614

I think everything is clear and requires no explanation.

Fragment N10: Typo

bool FormatTokenLexer::tryMergeCSharpNullConditionals() {
  ....
  auto &Identifier = *(Tokens.end() - 2);
  auto &Question = *(Tokens.end() - 1);
  ....
  Identifier->ColumnWidth += Question->ColumnWidth;
  Identifier->Type = Identifier->Type;                    // <=
  Tokens.erase(Tokens.end() - 1);
  return true;
}

PVS-Studio warning: V570 The 'Identifier->Type' variable is assigned to itself. FormatTokenLexer.cpp 249

There is no point in assigning a variable to itself. Most likely, they wanted to write:

Identifier->Type = Question->Type;

Fragment N11: Suspicious break

void SystemZOperand::print(raw_ostream &OS) const {
  switch (Kind) {
    break;
  case KindToken:
    OS << "Token:" << getToken();
    break;
  case KindReg:
    OS << "Reg:" << SystemZInstPrinter::getRegisterName(getReg());
    break;
  ....
}

PVS-Studio warning: V622 [CWE-478] Consider inspecting the 'switch' statement. It's possible that the first 'case' operator is missing. SystemZAsmParser.cpp 652

There is a very suspicious break statement at the very beginning. Did they forget to write something else here?

Fragment N12: Checking a pointer after dereferencing it

InlineCost AMDGPUInliner::getInlineCost(CallSite CS) {
  Function *Callee = CS.getCalledFunction();
  Function *Caller = CS.getCaller();
  TargetTransformInfo &TTI = TTIWP->getTTI(*Callee);

  if (!Callee || Callee->isDeclaration())
    return llvm::InlineCost::getNever("undefined callee");
  ....
}

PVS-Studio warning: V595 [CWE-476] The 'Callee' pointer was utilized before it was verified against nullptr. Check lines: 172, 174. AMDGPUInline.cpp 172

The Callee pointer is dereferenced at the very beginning, when the getTTI function is called.

And only then does it turn out that this pointer should be checked for equality to nullptr:

if (!Callee || Callee->isDeclaration())

But it's too late...

Fragment N13 - N...: Checking a pointer after dereferencing it

The situation discussed in the previous code fragment is not unique. It appears here:

static Value *optimizeDoubleFP(CallInst *CI, IRBuilder<> &B,
                               bool isBinary, bool isPrecise = false) {
  ....
  Function *CalleeFn = CI->getCalledFunction();
  StringRef CalleeNm = CalleeFn->getName();                 // <=
  AttributeList CalleeAt = CalleeFn->getAttributes();
  if (CalleeFn && !CalleeFn->isIntrinsic()) {               // <=
  ....
}

PVS-Studio warning: V595 [CWE-476] The 'CalleeFn' pointer was utilized before it was verified against nullptr. Check lines: 1079, 1081. SimplifyLibCalls.cpp 1079

And here:

void Sema::InstantiateAttrs(const MultiLevelTemplateArgumentList &TemplateArgs,
                            const Decl *Tmpl, Decl *New,
                            LateInstantiatedAttrVec *LateAttrs,
                            LocalInstantiationScope *OuterMostScope) {
  ....
  NamedDecl *ND = dyn_cast<NamedDecl>(New);
  CXXRecordDecl *ThisContext =
    dyn_cast_or_null<CXXRecordDecl>(ND->getDeclContext());         // <=
  CXXThisScopeRAII ThisScope(*this, ThisContext, Qualifiers(),
                             ND && ND->isCXXInstanceMember());     // <=
  ....
}

PVS-Studio warning: V595 [CWE-476] The 'ND' pointer was utilized before it was verified against nullptr. Check lines: 532, 534. SemaTemplateInstantiateDecl.cpp 532

And here:

  • V595 [CWE-476] The 'U' pointer was utilized before it was verified against nullptr. Check lines: 404, 407. DWARFFormValue.cpp 404
  • V595 [CWE-476] The 'ND' pointer was utilized before it was verified against nullptr. Check lines: 2149, 2151. SemaTemplateInstantiate.cpp 2149

And then I lost interest in studying the V595 warnings. So I don't know whether there are many more similar errors besides those listed here. Most likely, there are.

Fragment N17, N18: Suspicious shift

static inline bool processLogicalImmediate(uint64_t Imm, unsigned RegSize,
                                           uint64_t &Encoding) {
  ....
  unsigned Size = RegSize;
  ....
  uint64_t NImms = ~(Size-1) << 1;
  ....
}

PVS-Studio warning: V629 [CWE-190] Consider inspecting the '~(Size - 1) << 1' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. AArch64AddressingModes.h 260

Perhaps this is not a bug and the code works exactly as intended. But this is clearly a very suspicious place that needs to be checked.

Let's say the Size variable is equal to 16; then the author of the code planned to get the following value in the NImms variable:

1111111111111111111111111111111111111111111111111111111111100000

However, in fact, the result will be:

0000000000000000000000000000000011111111111111111111111111100000

The point is that all the calculations are performed in the 32-bit unsigned type. Only afterwards is this 32-bit unsigned value implicitly extended to uint64_t. In this case, the most significant bits turn out to be zero.

You can fix the situation like this:

uint64_t NImms = ~static_cast<uint64_t>(Size-1) << 1;

Similar situation: V629 [CWE-190] Consider inspecting the 'Immr << 6' expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. AArch64AddressingModes.h 269

Fragment N19: Missing else keyword?

void AMDGPUAsmParser::cvtDPP(MCInst &Inst, const OperandVector &Operands) {
  ....
  if (Op.isReg() && Op.Reg.RegNo == AMDGPU::VCC) {
    // VOP2b (v_add_u32, v_sub_u32 ...) dpp use "vcc" token.
    // Skip it.
    continue;
  } if (isRegOrImmWithInputMods(Desc, Inst.getNumOperands())) {    // <=
    Op.addRegWithFPInputModsOperands(Inst, 2);
  } else if (Op.isDPPCtrl()) {
    Op.addImmOperands(Inst, 1);
  } else if (Op.isImm()) {
    // Handle optional arguments
    OptionalIdx[Op.getImmTy()] = I;
  } else {
    llvm_unreachable("Invalid operand type");
  }
  ....
}

PVS-Studio warning: V646 [CWE-670] Consider inspecting the application's logic. It's possible that 'else' keyword is missing. AMDGPUAsmParser.cpp 5655

There is no error here. Since the then-block of the first if ends with continue, it does not matter whether there is an else keyword or not; the code will work the same either way. Still, the missing else makes the code less clear and more dangerous. If continue disappears some day, the code will start to work in a completely different way. In my opinion, it is better to add the else.

Fragment N20: Four typos of the same kind

LLVM_DUMP_METHOD void Symbol::dump(raw_ostream &OS) const {
  std::string Result;
  if (isUndefined())
    Result += "(undef) ";
  if (isWeakDefined())
    Result += "(weak-def) ";
  if (isWeakReferenced())
    Result += "(weak-ref) ";
  if (isThreadLocalValue())
    Result += "(tlv) ";
  switch (Kind) {
  case SymbolKind::GlobalSymbol:
    Result + Name.str();                        // <=
    break;
  case SymbolKind::ObjectiveCClass:
    Result + "(ObjC Class) " + Name.str();      // <=
    break;
  case SymbolKind::ObjectiveCClassEHType:
    Result + "(ObjC Class EH) " + Name.str();   // <=
    break;
  case SymbolKind::ObjectiveCInstanceVariable:
    Result + "(ObjC IVar) " + Name.str();       // <=
    break;
  }
  OS << Result;
}

PVS-Studio warnings:

  • V655 [CWE-480] The strings was concatenated but are not utilized. Consider inspecting the 'Result + Name.str()' expression. Symbol.cpp 32
  • V655 [CWE-480] The strings was concatenated but are not utilized. Consider inspecting the 'Result + "(ObjC Class) " + Name.str()' expression. Symbol.cpp 35
  • V655 [CWE-480] The strings was concatenated but are not utilized. Consider inspecting the 'Result + "(ObjC Class EH) " + Name.str()' expression. Symbol.cpp 38
  • V655 [CWE-480] The strings was concatenated but are not utilized. Consider inspecting the 'Result + "(ObjC IVar) " + Name.str()' expression. Symbol.cpp 41

By accident, the + operator is used instead of the += operator. The result is meaningless constructions.

Fragment N21: Undefined behavior

static void getReqFeatures(std::map<StringRef, int> &FeaturesMap,
                           const std::vector<Record *> &ReqFeatures) {
  for (auto &R : ReqFeatures) {
    StringRef AsmCondString = R->getValueAsString("AssemblerCondString");

    SmallVector<StringRef, 4> Ops;
    SplitString(AsmCondString, Ops, ",");
    assert(!Ops.empty() && "AssemblerCondString cannot be empty");

    for (auto &Op : Ops) {
      assert(!Op.empty() && "Empty operator");
      if (FeaturesMap.find(Op) == FeaturesMap.end())
        FeaturesMap[Op] = FeaturesMap.size();
    }
  }
}

Try to find the dangerous code yourself. Here is a picture to distract your attention so that you don't look at the answer right away:

[image: Finding bugs in LLVM 8 with the PVS-Studio analyzer]

PVS-Studio warning: V708 [CWE-758] Dangerous construction is used: 'FeaturesMap[Op] = FeaturesMap.size()', where 'FeaturesMap' is of 'map' class. This may lead to undefined behavior. RISCVCompressInstEmitter.cpp 490

The problem line:

FeaturesMap[Op] = FeaturesMap.size();

If the element Op is not found, then a new element is created in the map and the number of elements in this map is written into it. It is simply unknown whether the size function will be called before or after the new element is added.
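The same numbering logic written two ways, as an added example that is not part of LLVM's code: the first function repeats the questionable statement, the second computes the index before the insertion so the result no longer depends on evaluation order. The operand list is constructed for the example; the function names are hypothetical.

```cpp
#include <map>
#include <string>
#include <vector>

// Constructed sample input: assembler-condition operands with a repeat.
const std::vector<std::string> kSampleOps = {"add", "sub", "add", "mul"};

// Numbers each distinct operand in order of first appearance, using the
// statement from the fragment. Before C++17 the order in which 'm[op]'
// (which inserts the key) and 'm.size()' are evaluated is unspecified, so a
// new key may receive either the old size or the old size + 1. C++17
// sequences the right-hand side of '=' first, which hides the problem on a
// conforming compiler but leaves the intent unclear.
std::map<std::string, int> numberOpsOrderDependent(
    const std::vector<std::string> &ops) {
  std::map<std::string, int> m;
  for (const auto &op : ops)
    if (m.find(op) == m.end())
      m[op] = static_cast<int>(m.size());
  return m;
}

// Deterministic version: read the size before anything is inserted, and
// let emplace do the single lookup (it is a no-op for an existing key).
std::map<std::string, int> numberOpsDeterministic(
    const std::vector<std::string> &ops) {
  std::map<std::string, int> m;
  for (const auto &op : ops) {
    int next = static_cast<int>(m.size());
    m.emplace(op, next);
  }
  return m;
}
```

Only the deterministic version has a result worth asserting on; what the first one produces depends on the compiler and language mode, which is precisely the analyzer's point.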

Fragment N22-N24: Repeated assignments

Error MachOObjectFile::checkSymbolTable() const {
  ....
  } else {
    MachO::nlist STE = getSymbolTableEntry(SymDRI);
    NType = STE.n_type;                              // <=
    NType = STE.n_type;                              // <=
    NSect = STE.n_sect;
    NDesc = STE.n_desc;
    NStrx = STE.n_strx;
    NValue = STE.n_value;
  }
  ....
}

PVS-Studio warning: V519 [CWE-563] The 'NType' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 1663, 1664. MachOObjectFile.cpp 1664

I don't think there is a real error here. Just an unnecessary repeated assignment. But still a blunder.

Likewise:

  • V519 [CWE-563] The 'B.NDesc' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 1488, 1489. llvm-nm.cpp 1489
  • V519 [CWE-563] The variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 59, 61. coff2yaml.cpp 61

Fragment N25-N27: More reassignments

Now let's look at a slightly different kind of reassignment.

bool Vectorizer::vectorizeLoadChain(
    ArrayRef<Instruction *> Chain,
    SmallPtrSet<Instruction *, 16> *InstructionsProcessed) {
  ....
  unsigned Alignment = getAlignment(L0);
  ....
  unsigned NewAlign = getOrEnforceKnownAlignment(L0->getPointerOperand(),
                                                 StackAdjustedAlignment,
                                                 DL, L0, nullptr, &DT);
  if (NewAlign != 0)
    Alignment = NewAlign;
  Alignment = NewAlign;
  ....
}

PVS-Studio warning: V519 [CWE-563] The 'Alignment' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 1158, 1160. LoadStoreVectorizer.cpp 1160

This is very strange code that apparently contains a logical error. At first, the Alignment variable is assigned a value depending on a condition. Then the assignment happens again, but now without any check.

Similar situations can be seen here:

  • V519 [CWE-563] The 'Effects' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 152, 165. WebAssemblyRegStackify.cpp 165
  • V519 [CWE-563] The 'ExpectNoDerefChunk' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 4970, 4973. SemaType.cpp 4973

Fragment N28: Always true condition

static int readPrefixes(struct InternalInstruction* insn) {
  ....
  uint8_t byte = 0;
  uint8_t nextByte;
  ....
  if (byte == 0xf3 && (nextByte == 0x88 || nextByte == 0x89 ||
                       nextByte == 0xc6 || nextByte == 0xc7)) {
    insn->xAcquireRelease = true;
    if (nextByte != 0x90) // PAUSE instruction support             // <=
      break;
  }
  ....
}

PVS-Studio warning: V547 [CWE-571] Expression 'nextByte != 0x90' is always true. X86DisassemblerDecoder.cpp 379

The check makes no sense. The nextByte variable is always different from 0x90, which follows from the previous check. This is some kind of logical error.

Fragment N29 - N...: Always true/false conditions

The analyzer issues many warnings that a whole condition (V547) or part of it (V560) is always true or false. Often these are not real errors, but simply sloppy code, the result of macro expansion, and the like. However, it makes sense to look through all these warnings, since real logical errors do occur from time to time. For example, this section of code is suspicious:

static DecodeStatus DecodeGPRPairRegisterClass(MCInst &Inst, unsigned RegNo,
                                   uint64_t Address, const void *Decoder) {
  DecodeStatus S = MCDisassembler::Success;

  if (RegNo > 13)
    return MCDisassembler::Fail;

  if ((RegNo & 1) || RegNo == 0xe)
     S = MCDisassembler::SoftFail;
  ....
}

PVS-Studio warning: V560 [CWE-570] A part of conditional expression is always false: RegNo == 0xe. ARMDisassembler.cpp 939

The constant 0xE is the value 14 in decimal. The check RegNo == 0xe makes no sense, because if RegNo > 13, the function has already returned.

There were many other warnings with the IDs V547 and V560, but, as with V595, I was not interested in studying them. It was already clear that I had enough material to write an article :). Therefore, it is unknown how many errors of this type could be identified in LLVM using PVS-Studio.

I will give an example of why studying these triggers is boring. The analyzer is absolutely right to issue a warning for the following code. But this is not an error.

bool UnwrappedLineParser::parseBracedList(bool ContinueOnSemicolons,
                                          tok::TokenKind ClosingBraceKind) {
  bool HasError = false;
  ....
  HasError = true;
  if (!ContinueOnSemicolons)
    return !HasError;
  ....
}

PVS-Studio warning: V547 [CWE-570] Expression '!HasError' is always false. UnwrappedLineParser.cpp 1635

Fragment N30: Suspicious return

static bool
isImplicitlyDef(MachineRegisterInfo &MRI, unsigned Reg) {
  for (MachineRegisterInfo::def_instr_iterator It = MRI.def_instr_begin(Reg),
      E = MRI.def_instr_end(); It != E; ++It) {
    return (*It).isImplicitDef();
  }
  ....
}

PVS-Studio warning: V612 [CWE-670] An unconditional 'return' within a loop. R600OptimizeVectorRegisters.cpp 63

This is either an error or a specific technique intended to explain something to the programmers reading the code. This construction explains nothing to me and looks very suspicious. Better not to write like that :).

Tired? Then it's time to make some tea or coffee.

Defects identified by new diagnostics

I think 30 triggers of the old diagnostics are enough. Let's now see what interesting things can be found with the new diagnostics that appeared in the analyzer after the previous checks. In total, 66 general-purpose diagnostics have been added to the C++ analyzer during this time.

Fragment N31: Unreachable code

Error CtorDtorRunner::run() {
  ....
  if (auto CtorDtorMap =
          ES.lookup(JITDylibSearchList({{&JD, true}}), std::move(Names),
                    NoDependenciesToRegister, true))
  {
    ....
    return Error::success();
  } else
    return CtorDtorMap.takeError();

  CtorDtorsByPriority.clear();

  return Error::success();
}

PVS-Studio warning: V779 [CWE-561] Unreachable code detected. It is possible that an error is present. ExecutionUtils.cpp 146

As you can see, both branches of the if statement end with a call to the return statement. Accordingly, the CtorDtorsByPriority container will never be cleared.

Fragment N32: Unreachable code

bool LLParser::ParseSummaryEntry() {
  ....
  switch (Lex.getKind()) {
  case lltok::kw_gv:
    return ParseGVEntry(SummaryID);
  case lltok::kw_module:
    return ParseModuleEntry(SummaryID);
  case lltok::kw_typeid:
    return ParseTypeIdEntry(SummaryID);                        // <=
    break;                                                     // <=
  default:
    return Error(Lex.getLoc(), "unexpected summary kind");
  }
  Lex.setIgnoreColonInIdentifiers(false);                      // <=
  return false;
}

PVS-Studio warning: V779 [CWE-561] Unreachable code detected. It is possible that an error is present. LLParser.cpp 835

An interesting situation. Let's first look at this place:

return ParseTypeIdEntry(SummaryID);
break;

At first glance, it seems that there is no error here. It looks like there is simply an extra break statement, and you can just delete it. However, not everything is so simple.

The analyzer issues a warning on the lines:

Lex.setIgnoreColonInIdentifiers(false);
return false;

Indeed, this code is unreachable. All the cases in the switch end with a call to the return statement. And now the lone senseless break doesn't look so harmless! Perhaps one of the branches should end with break rather than return?

Fragment N33: Accidental reset of high bits

unsigned getStubAlignment() override {
  if (Arch == Triple::systemz)
    return 8;
  else
    return 1;
}

Expected<unsigned>
RuntimeDyldImpl::emitSection(const ObjectFile &Obj,
                             const SectionRef &Section,
                             bool IsCode) {
  ....
  uint64_t DataSize = Section.getSize();
  ....
  if (StubBufSize > 0)
    DataSize &= ~(getStubAlignment() - 1);
  ....
}

PVS-Studio warning: V784 The size of the bit mask is less than the size of the first operand. This will cause the loss of higher bits. RuntimeDyld.cpp 815

Please note that the getStubAlignment function returns an unsigned type. Let's calculate the value of the expression, assuming that the function returns the value 8:

~(getStubAlignment() - 1)

~(8u - 1)

0xFFFFFFF8u

Now note that the DataSize variable has a 64-bit unsigned type. It turns out that when the operation DataSize & 0xFFFFFFF8u is performed, all thirty-two high-order bits are reset to zero. Most likely, this is not what the programmer wanted. I suspect he wanted to calculate: DataSize & 0xFFFFFFFFFFFFFFF8u.

To fix the error, you should write it like this:

DataSize &= ~(static_cast<uint64_t>(getStubAlignment()) - 1);

Or like this:

DataSize &= ~(getStubAlignment() - 1ULL);

Fragment N34: Failed explicit type cast

template <typename T>
void scaleShuffleMask(int Scale, ArrayRef<T> Mask,
                      SmallVectorImpl<T> &ScaledMask) {
  assert(0 < Scale && "Unexpected scaling factor");
  int NumElts = Mask.size();
  ScaledMask.assign(static_cast<size_t>(NumElts * Scale), -1);
  ....
}

PVS-Studio warning: V1028 [CWE-190] Possible overflow. Consider casting operands of the 'NumElts * Scale' operator to the 'size_t' type, not the result. X86ISelLowering.h 1577

An explicit type cast is used to avoid overflow when multiplying variables of the int type. However, the explicit cast here does not protect against overflow. First, the variables are multiplied, and only then is the 32-bit result of the multiplication extended to the size_t type.
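Fragments N17, N33 and N34 are three faces of one mistake: the arithmetic is done in a 32-bit type and only the finished result is widened to 64 bits. The following added example (not LLVM's code) puts each as-written expression next to its corrected form so the lost bits can be checked by running it. The getStubAlignment helper is hypothetical and returns 8, as the text assumes; the sample values are constructed.

```cpp
#include <cstddef>
#include <cstdint>

// --- Fragment N17: shift performed in 32 bits, then zero-extended --------
// '~' and '<<' act on the 'unsigned' operand, so the result is a 32-bit
// value; the conversion to uint64_t happens only on assignment.
uint64_t nimmsAsWritten(unsigned Size) {
  uint64_t NImms = ~(Size - 1) << 1;
  return NImms;   // Size == 16 gives 0x00000000FFFFFFE0
}

// Widen first, then complement and shift, so all 64 bits take part.
uint64_t nimmsFixed(unsigned Size) {
  uint64_t NImms = ~static_cast<uint64_t>(Size - 1) << 1;
  return NImms;   // Size == 16 gives 0xFFFFFFFFFFFFFFE0
}

// --- Fragment N33: 32-bit mask AND-ed into a 64-bit value ----------------
// Hypothetical stand-in for RuntimeDyld's getStubAlignment(); the text
// assumes it returns 8, so this one does too.
unsigned getStubAlignment() { return 8; }

uint64_t alignDownAsWritten(uint64_t DataSize) {
  // ~(8u - 1) is the 32-bit value 0xFFFFFFF8u. Widening it for the '&'
  // fills its upper 32 bits with zeros, which then clear those bits of
  // DataSize as well.
  DataSize &= ~(getStubAlignment() - 1);
  return DataSize;
}

uint64_t alignDownFixed(uint64_t DataSize) {
  DataSize &= ~(static_cast<uint64_t>(getStubAlignment()) - 1);
  return DataSize;
}

// --- Fragment N34: cast applied to the product, not to the operands ------
// The multiplication still happens in 'int', so it can overflow (undefined
// behaviour) before the widening cast ever runs. Only call this with
// operands whose product fits in an int.
size_t scaledCountAsWritten(int NumElts, int Scale) {
  return static_cast<size_t>(NumElts * Scale);
}

// Cast each operand, so the multiplication itself happens in size_t.
size_t scaledCountFixed(int NumElts, int Scale) {
  return static_cast<size_t>(NumElts) * static_cast<size_t>(Scale);
}
```

The N17 values match the two bit patterns given for Size == 16 above; for N33, a 64-bit size just above 4 GiB collapses to a small number in the as-written form; for N34, 2^20 elements scaled by 2^12 is 2^32, which the operand-cast form computes correctly on a 64-bit size_t while the result-cast form would overflow int first.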

Fragment N35: Failed Copy-Paste

Instruction *InstCombiner::visitFCmpInst(FCmpInst &I) {
  ....
  if (!match(Op0, m_PosZeroFP()) && isKnownNeverNaN(Op0, &TLI)) {
    I.setOperand(0, ConstantFP::getNullValue(Op0->getType()));
    return &I;
  }
  if (!match(Op1, m_PosZeroFP()) && isKnownNeverNaN(Op1, &TLI)) {
    I.setOperand(1, ConstantFP::getNullValue(Op0->getType()));        // <=
    return &I;
  }
  ....
}

PVS-Studio warning: V778 [CWE-682] Two similar code fragments were found. Perhaps, this is a typo and the 'Op1' variable should be used instead of 'Op0'. InstCombineCompares.cpp 5507

This new and interesting diagnostic identifies situations where a piece of code was copied and some names in it were changed, but one place was left unfixed.

Note that in the second block Op0 was changed to Op1. But in one place it was not fixed. Most likely, it should have been written like this:

if (!match(Op1, m_PosZeroFP()) && isKnownNeverNaN(Op1, &TLI)) {
  I.setOperand(1, ConstantFP::getNullValue(Op1->getType()));
  return &I;
}

Fragment N36: Confusion with variables

struct Status {
  unsigned Mask;
  unsigned Mode;

  Status() : Mask(0), Mode(0){};

  Status(unsigned Mask, unsigned Mode) : Mask(Mask), Mode(Mode) {
    Mode &= Mask;
  };
  ....
};

PVS-Studio warning: V1001 [CWE-563] The 'Mode' variable is assigned but is not used by the end of the function. SIModeRegister.cpp 48

It is very dangerous to give function arguments the same names as class members. It is very easy to get confused. Such a case is in front of us. This expression makes no sense:

Mode &= Mask;

The function argument is modified. That's all. This argument is not used anymore. Most likely, it should have been written like this:

Status(unsigned Mask, unsigned Mode) : Mask(Mask), Mode(Mode) {
  this->Mode &= Mask;
};

Fragment N37: Confusion with variables

class SectionBase {
  ....
  uint64_t Size = 0;
  ....
};

class SymbolTableSection : public SectionBase {
  ....
};

void SymbolTableSection::addSymbol(Twine Name, uint8_t Bind, uint8_t Type,
                                   SectionBase *DefinedIn, uint64_t Value,
                                   uint8_t Visibility, uint16_t Shndx,
                                   uint64_t Size) {
  ....
  Sym.Value = Value;
  Sym.Visibility = Visibility;
  Sym.Size = Size;
  Sym.Index = Symbols.size();
  Symbols.emplace_back(llvm::make_unique<Symbol>(Sym));
  Size += this->EntrySize;
}

PVS-Studio warning: V1001 [CWE-563] The 'Size' variable is assigned but is not used by the end of the function. Object.cpp 424

The situation is similar to the previous one. It should be written:

this->Size += this->EntrySize;
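An added example (not LLVM code) covering fragments N36 and N37: small stand-ins for Status and for the symbol table section, each in the shadowed form and in the `this->` form, so the silently unchanged member can be observed. The EntrySize value of 24 and the LastSymbolSize field are assumptions made for the demonstration.

```cpp
#include <cstdint>

// Buggy shape of the SIModeRegister fragment: the parameters shadow the
// members, so "Mode &= Mask" masks the parameter and the member keeps the
// unmasked value.
struct StatusBuggy {
  unsigned Mask;
  unsigned Mode;
  StatusBuggy(unsigned Mask, unsigned Mode) : Mask(Mask), Mode(Mode) {
    Mode &= Mask;   // modifies the parameter, which is then discarded
  }
};

// Fixed shape: name the member explicitly.
struct StatusFixed {
  unsigned Mask;
  unsigned Mode;
  StatusFixed(unsigned Mask, unsigned Mode) : Mask(Mask), Mode(Mode) {
    this->Mode &= Mask;
  }
};

unsigned buggyMode(unsigned mask, unsigned mode) { return StatusBuggy(mask, mode).Mode; }
unsigned fixedMode(unsigned mask, unsigned mode) { return StatusFixed(mask, mode).Mode; }

// Same mistake in the objcopy fragment: the Size parameter hides the
// SectionBase::Size member, so the section never grows.
struct SymbolTableBuggy {
  uint64_t Size = 0;          // stands in for SectionBase::Size
  uint64_t EntrySize = 24;    // assumed entry size
  uint64_t LastSymbolSize = 0;
  void addSymbol(uint64_t Size) {
    LastSymbolSize = Size;    // the parameter is legitimately used here...
    Size += this->EntrySize;  // ...but this line updates the parameter, not the member
  }
};

struct SymbolTableFixed {
  uint64_t Size = 0;
  uint64_t EntrySize = 24;
  uint64_t LastSymbolSize = 0;
  void addSymbol(uint64_t Size) {
    LastSymbolSize = Size;
    this->Size += this->EntrySize;
  }
};

uint64_t buggyTableSize(int symbols) {
  SymbolTableBuggy t;
  for (int i = 0; i < symbols; ++i) t.addSymbol(16);
  return t.Size;
}

uint64_t fixedTableSize(int symbols) {
  SymbolTableFixed t;
  for (int i = 0; i < symbols; ++i) t.addSymbol(16);
  return t.Size;
}
```

After two addSymbol calls the buggy table still reports a size of 0, the fixed one 48. Compilers can catch this pattern as well: GCC's -Wshadow reports a parameter that shadows a member, and Clang has -Wshadow-field-in-constructor for exactly this case.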

Fragments N38-N47: Forgot to check the pointer

Earlier, we looked at examples of triggering the V595 diagnostic. Its essence is that the pointer is dereferenced first, and only then checked. The young V1004 diagnostic is the opposite in meaning, but also reveals many errors. It identifies situations where the pointer was checked at the beginning, and then they forgot to do so. Let's look at such cases found inside LLVM.

int getGEPCost(Type *PointeeType, const Value *Ptr,
               ArrayRef<const Value *> Operands) {
  ....
  if (Ptr != nullptr) {                                            // <=
    assert(....);
    BaseGV = dyn_cast<GlobalValue>(Ptr->stripPointerCasts());
  }
  bool HasBaseReg = (BaseGV == nullptr);

  auto PtrSizeBits = DL.getPointerTypeSizeInBits(Ptr->getType());  // <=
  ....
}

PVS-Studio warning: V1004 [CWE-476] The 'Ptr' pointer was used unsafely after it was verified against nullptr. Check lines: 729, 738. TargetTransformInfoImpl.h 738

The Ptr variable can be equal to nullptr, as evidenced by the check:

if (Ptr != nullptr)

However, below this pointer is dereferenced without a check:

auto PtrSizeBits = DL.getPointerTypeSizeInBits(Ptr->getType());

Let's consider another similar case.

llvm::DISubprogram *CGDebugInfo::getFunctionFwdDeclOrStub(GlobalDecl GD,
                                                          bool Stub) {
  ....
  auto *FD = dyn_cast<FunctionDecl>(GD.getDecl());
  SmallVector<QualType, 16> ArgTypes;
  if (FD)                                                                // <=
    for (const ParmVarDecl *Parm : FD->parameters())
      ArgTypes.push_back(Parm->getType());
  CallingConv CC = FD->getType()->castAs<FunctionType>()->getCallConv(); // <=
  ....
}

PVS-Studio warning: V1004 [CWE-476] The 'FD' pointer was used unsafely after it was verified against nullptr. Check lines: 3228, 3231. CGDebugInfo.cpp 3231

Pay attention to the FD variable. I'm sure the problem is obvious and no special explanation is needed.

And one more:

static void computePolynomialFromPointer(Value &Ptr, Polynomial &Result,
                                         Value *&BasePtr,
                                         const DataLayout &DL) {
  PointerType *PtrTy = dyn_cast<PointerType>(Ptr.getType());
  if (!PtrTy) {                                                   // <=
    Result = Polynomial();
    BasePtr = nullptr;
  }
  unsigned PointerBits =
      DL.getIndexSizeInBits(PtrTy->getPointerAddressSpace());     // <=
  ....
}

PVS-Studio warning: V1004 [CWE-476] The 'PtrTy' pointer was used unsafely after it was verified against nullptr. Check lines: 960, 965. InterleavedLoadCombinePass.cpp 965

How to protect yourself from such errors? Be more attentive in code review and use the PVS-Studio static analyzer to check your code regularly.

There is no point in citing other code fragments with errors of this kind. I'll leave only a list of warnings in the article:

  • V1004 [CWE-476] The 'Expr' pointer was used unsafely after it was verified against nullptr. Check lines: 1049, 1078. DebugInfoMetadata.cpp 1078
  • V1004 [CWE-476] The 'PI' pointer was used unsafely after it was verified against nullptr. Check lines: 733, 753. LegacyPassManager.cpp 753
  • V1004 [CWE-476] The 'StatepointCall' pointer was used unsafely after it was verified against nullptr. Check lines: 4371, 4379. Verifier.cpp 4379
  • V1004 [CWE-476] The 'RV' pointer was used unsafely after it was verified against nullptr. Check lines: 2263, 2268. TGParser.cpp 2268
  • V1004 [CWE-476] The 'CalleeFn' pointer was used unsafely after it was verified against nullptr. Check lines: 1081, 1096. SimplifyLibCalls.cpp 1096
  • V1004 [CWE-476] The 'TC' pointer was used unsafely after it was verified against nullptr. Check lines: 1819, 1824. Driver.cpp 1824
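An added example (not LLVM code) of the hardened shape of two of the V1004 fragments above: the branch that handles the null pointer leaves the function, so no code below it can reach the dereference. PointerType, FunctionDecl and the index-size rule (address space 1 uses 32-bit indices, everything else 64-bit) are constructed stand-ins for the demonstration.

```cpp
#include <cstdint>

// Constructed stand-in for llvm::PointerType.
struct PointerType {
  unsigned AddressSpace;
};

// Assumed data layout: address space 1 uses 32-bit indices, all others 64-bit.
static unsigned indexSizeInBits(unsigned addrSpace) {
  return addrSpace == 1 ? 32 : 64;
}

// Fixed shape of the InterleavedLoadCombinePass fragment: the "not a pointer"
// branch returns, so the dereference below is only reached with a non-null
// PtrTy. Returns false (and zero bits) when there is nothing to compute.
bool pointerBitsSafe(const PointerType* PtrTy, unsigned& PointerBits) {
  if (!PtrTy) {
    PointerBits = 0;
    return false;   // early exit: nothing below may touch PtrTy
  }
  PointerBits = indexSizeInBits(PtrTy->AddressSpace);
  return true;
}

// Helpers that exercise both paths without the caller having to build objects.
unsigned bitsForAddressSpace(unsigned addrSpace) {
  PointerType ty{addrSpace};
  unsigned bits = 0;
  pointerBitsSafe(&ty, bits);
  return bits;
}

bool bitsForNullPointer(unsigned& bits) {
  return pointerBitsSafe(nullptr, bits);
}

unsigned bitsForNullOrZero() {
  unsigned bits = 99;   // deliberately nonzero to show it is reset
  bitsForNullPointer(bits);
  return bits;
}

// Constructed stand-in for the CGDebugInfo fragment: when the declaration is
// missing, fall back to a default calling convention instead of dereferencing
// the null FD after the loop that was correctly guarded.
struct FunctionDecl {
  int CallConv;
};

int callingConvOrDefault(const FunctionDecl* FD, int defaultCC) {
  if (!FD)
    return defaultCC;
  return FD->CallConv;
}

int callingConvOfDecl(int cc, int defaultCC) {
  FunctionDecl decl{cc};
  return callingConvOrDefault(&decl, defaultCC);
}
```

The point of the rewrite is structural: once the null case returns (or assigns a fallback and skips the rest), the check and the use can no longer drift apart during later edits, which is exactly what happened in the fragments above.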

Fragments N48-N60: Not critical, but a defect (possible memory leak)

std::unique_ptr<IRMutator> createISelMutator() {
  ....
  std::vector<std::unique_ptr<IRMutationStrategy>> Strategies;
  Strategies.emplace_back(
      new InjectorIRStrategy(InjectorIRStrategy::getDefaultOps()));
  ....
}

PVS-Studio warning: V1023 [CWE-460] A pointer without owner is added to the 'Strategies' container by the 'emplace_back' method. A memory leak will occur in case of an exception. llvm-isel-fuzzer.cpp 58

To add an element to the end of a container of type std::vector<std::unique_ptr<X>>, you can't simply write xxx.push_back(new X), since there is no implicit conversion from X* to std::unique_ptr<X>.

A common solution is to write xxx.emplace_back(new X), since it compiles: the emplace_back method constructs the element directly from its arguments and can therefore use explicit constructors.

This is not safe. If the vector is full, memory is reallocated. The memory reallocation operation may fail, resulting in a std::bad_alloc exception being thrown. In this case the pointer is lost, and the created object will never be deleted.

The safe solution is to create a unique_ptr that owns the pointer before the vector tries to reallocate memory:

xxx.push_back(std::unique_ptr<X>(new X))

Since C++14, you can use std::make_unique:

xxx.push_back(std::make_unique<X>())

This kind of defect is not critical for LLVM. If memory cannot be allocated, the compiler will simply stop. However, for applications with a long uptime, which cannot just stop when a memory allocation fails, this can be a real nasty bug.

So, although this code does not pose a practical threat to LLVM, I found it useful to talk about this error pattern and about the fact that the PVS-Studio analyzer has learned to identify it.

Other warnings of this kind:

  • V1023 [CWE-460] A pointer without owner is added to the 'Passes' container by the 'emplace_back' method. A memory leak will occur in case of an exception. PassManager.h 546
  • V1023 [CWE-460] A pointer without owner is added to the 'AAs' container by the 'emplace_back' method. A memory leak will occur in case of an exception. AliasAnalysis.h 324
  • V1023 [CWE-460] A pointer without owner is added to the 'Enries' container by the 'emplace_back' method. A memory leak will occur in case of an exception. DWARFDebugFrame.cpp 519
  • V1023 [CWE-460] A pointer without owner is added to the 'AllEdges' container by the 'emplace_back' method. A memory leak will occur in case of an exception. CFGMST.h 268
  • V1023 [CWE-460] A pointer without owner is added to the 'VMaps' container by the 'emplace_back' method. A memory leak will occur in case of an exception. SimpleLoopUnswitch.cpp 2012
  • V1023 [CWE-460] A pointer without owner is added to the 'Records' container by the 'emplace_back' method. A memory leak will occur in case of an exception. FDRLogBuilder.h 30
  • V1023 [CWE-460] A pointer without owner is added to the 'PendingSubmodules' container by the 'emplace_back' method. A memory leak will occur in case of an exception. ModuleMap.cpp 810
  • V1023 [CWE-460] A pointer without owner is added to the 'Objects' container by the 'emplace_back' method. A memory leak will occur in case of an exception. DebugMap.cpp 88
  • V1023 [CWE-460] A pointer without owner is added to the 'Strategies' container by the 'emplace_back' method. A memory leak will occur in case of an exception. llvm-isel-fuzzer.cpp 60
  • V1023 [CWE-460] A pointer without owner is added to the 'Modifiers' container by the 'emplace_back' method. A memory leak will occur in case of an exception. llvm-stress.cpp 685
  • V1023 [CWE-460] A pointer without owner is added to the 'Modifiers' container by the 'emplace_back' method. A memory leak will occur in case of an exception. llvm-stress.cpp 686
  • V1023 [CWE-460] A pointer without owner is added to the 'Modifiers' container by the 'emplace_back' method. A memory leak will occur in case of an exception. llvm-stress.cpp 688
  • V1023 [CWE-460] A pointer without owner is added to the 'Modifiers' container by the 'emplace_back' method. A memory leak will occur in case of an exception. llvm-stress.cpp 689
  • V1023 [CWE-460] A pointer without owner is added to the 'Modifiers' container by the 'emplace_back' method. A memory leak will occur in case of an exception. llvm-stress.cpp 690
  • V1023 [CWE-460] A pointer without owner is added to the 'Modifiers' container by the 'emplace_back' method. A memory leak will occur in case of an exception. llvm-stress.cpp 691
  • V1023 [CWE-460] A pointer without owner is added to the 'Modifiers' container by the 'emplace_back' method. A memory leak will occur in case of an exception. llvm-stress.cpp 692
  • V1023 [CWE-460] A pointer without owner is added to the 'Modifiers' container by the 'emplace_back' method. A memory leak will occur in case of an exception. llvm-stress.cpp 693
  • V1023 [CWE-460] A pointer without owner is added to the 'Modifiers' container by the 'emplace_back' method. A memory leak will occur in case of an exception. llvm-stress.cpp 694
  • V1023 [CWE-460] A pointer without owner is added to the 'Operands' container by the 'emplace_back' method. A memory leak will occur in case of an exception. GlobalISelEmitter.cpp 1911
  • V1023 [CWE-460] A pointer without owner is added to the 'Stash' container by the 'emplace_back' method. A memory leak will occur in case of an exception. GlobalISelEmitter.cpp 2100
  • V1023 [CWE-460] A pointer without owner is added to the 'Matchers' container by the 'emplace_back' method. A memory leak will occur in case of an exception. GlobalISelEmitter.cpp 2702
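An added example (not LLVM code) that makes the leak described for fragments N48-N60 observable. A Widget type registers every live instance, and a ThrowingAllocator with an allocation budget (both constructed for this demonstration) forces the vector's reallocation to throw std::bad_alloc deterministically. The scenario is run once with emplace_back(new Widget()) and once with push_back(std::make_unique<Widget>()), and reports how many objects outlive the vector.

```cpp
#include <cstddef>
#include <memory>
#include <new>
#include <set>
#include <vector>

// Every Widget registers itself while alive, so objects that nobody owns any
// more can be counted after a scenario has finished.
struct Widget {
  static std::set<Widget*>& live() {
    static std::set<Widget*> s;
    return s;
  }
  Widget() { live().insert(this); }
  ~Widget() { live().erase(this); }
};

// Allocation budget shared by all allocator instantiations (demo knob).
struct AllocBudget {
  static int& remaining() {
    static int n = 0;
    return n;
  }
};

// Allocator that throws std::bad_alloc once the budget is exhausted, making
// the reallocation failure from the text deterministic.
template <typename T>
struct ThrowingAllocator {
  using value_type = T;
  ThrowingAllocator() = default;
  template <typename U>
  ThrowingAllocator(const ThrowingAllocator<U>&) noexcept {}
  T* allocate(std::size_t n) {
    if (AllocBudget::remaining() <= 0)
      throw std::bad_alloc();
    --AllocBudget::remaining();
    return static_cast<T*>(::operator new(n * sizeof(T)));
  }
  void deallocate(T* p, std::size_t) noexcept { ::operator delete(p); }
  template <typename U>
  bool operator==(const ThrowingAllocator<U>&) const noexcept { return true; }
  template <typename U>
  bool operator!=(const ThrowingAllocator<U>&) const noexcept { return false; }
};

using WidgetVector =
    std::vector<std::unique_ptr<Widget>, ThrowingAllocator<std::unique_ptr<Widget>>>;

// Inserts with the given style until the vector needs a reallocation that the
// budget (one allocation in total) refuses. Returns how many Widgets are still
// alive after the vector has been destroyed, i.e. how many leaked. Leaked
// objects are reclaimed afterwards so the demo itself does not leak.
template <typename Insert>
static std::size_t leakedWidgets(Insert insert) {
  Widget::live().clear();
  {
    WidgetVector v;
    AllocBudget::remaining() = 1;
    bool threw = false;
    for (int i = 0; i < 16 && !threw; ++i) {
      try {
        insert(v);                     // eventually throws std::bad_alloc
      } catch (const std::bad_alloc&) {
        threw = true;
      }
    }
  }                                    // v destroyed: owned elements deleted
  const std::size_t leaked = Widget::live().size();
  for (Widget* w : std::set<Widget*>(Widget::live()))
    delete w;
  return leaked;
}

// Pattern flagged by V1023: the raw pointer is handed to emplace_back, and the
// unique_ptr that would own it is constructed only after the failing allocation.
std::size_t leakWithEmplaceRawPointer() {
  return leakedWidgets([](WidgetVector& v) { v.emplace_back(new Widget()); });
}

// Safe pattern: ownership is taken before the vector touches its storage, so
// the temporary unique_ptr deletes the Widget during stack unwinding.
std::size_t leakWithPushUniquePtr() {
  return leakedWidgets([](WidgetVector& v) { v.push_back(std::make_unique<Widget>()); });
}
```

The raw-pointer variant leaks exactly one Widget (the one whose insertion threw), the unique_ptr variant none. The allocator is only there to make the failure reproducible; with the default allocator the same leak occurs whenever reallocation fails, which is why the pattern matters in long-running processes.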

Conclusion

I wrote out 60 warnings in total and then stopped. Does the PVS-Studio analyzer find other defects in LLVM? Yes, it does. However, while I was writing out the code fragments for the article it was late in the evening, or rather night, and I decided it was time to call it a day.

I hope you found this interesting and want to try the PVS-Studio analyzer.

You can download the analyzer and get a trial key on this page.

Most importantly, use static analysis regularly. One-time checks, which we perform to popularize the methodology of static analysis and PVS-Studio, are not a normal scenario.

Good luck improving the quality and reliability of your code!


If you want to share this article with an English-speaking audience, please use the translation link: Andrey Karpov. Finding bugs in LLVM 8 with PVS-Studio.

Source: www.habr.com
