Cppcheck has some nasty implications when encountering "breaking" issues like `syntaxError` - resulting in not performing analysis on every translation unit with "breaking" code, which, as a result, causes us to potentially have undetected problems in the code. Especially if somebody does:

```
cppcheck ... --suppress=*:*lib/*
```

Then, when we run the analysis we think that everything is ok, because Cppcheck does not report anything, but under the hood the analysis is not performed at all.

As an example project:

With CMake:

```cmake
cmake_minimum_required(VERSION 3.21)
project(JsonAndCppcheck LANGUAGES CXX)
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
add_executable(example main.cpp json/json.hpp)
```

And program:

```cpp
#include "json/json.hpp"

int main()
{
    int array[5] = {};
    array[5] = 5; // Cppcheck should report: Array 'array[5]' accessed at index 5, which is out of bounds. [arrayIndexOutOfBounds]
}
```

Calling:

we get:

which is fine - we see that the issue is in the lib, but then we probably do:

and finally we get:

thinking that it's all fine but it's not.

I know that this is a Cppcheck issue, not a json code problem - but if here, in CI, similar steps as above are done, then probably the Cppcheck analysis is broken 🧐

After slightly breaking the code (removing the comma near the suppress comment - which is wrong, but keeps Cppcheck going) I get more expected results:

```
$ cppcheck --check-level=exhaustive --project=build/compile_commands.json
Checking main.cpp ...
main.cpp:6:10: error: Array 'array[5]' accessed at index 5, which is out of bounds. [arrayIndexOutOfBounds]
    array[5] = 5;
         ^
json/json.hpp:21253:13: error: Found an exit path from function with non-void return type that has missing return statement [missingReturn]
            }
            ^
json/json.hpp:21276:13: error: Found an exit path from function with non-void return type that has missing return statement [missingReturn]
            }
            ^
```

I went to Cppcheck to submit the issue, but somebody has already done that: https://trac.cppcheck.net/ticket/12923
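A CI-side guard for the failure mode described in this post, as an added example that is not part of the original post or of Cppcheck: it assumes Cppcheck is run without the broad `--suppress` and that path filtering is applied afterwards, so a `syntaxError` in a library header still fails the job. `gate`, `ANALYSIS_BREAKING` and the `json/*` filter are hypothetical names, and `BROKEN_RUN` is constructed sample output.

```python
import re
from fnmatch import fnmatch
from typing import NamedTuple

# Ids that mean Cppcheck stopped analysing a translation unit. syntaxError is
# the one named in the post; extending the set is an assumption for your setup.
ANALYSIS_BREAKING = {"syntaxError"}

# Default text format seen in the post: file:line:col: severity: message [id]
FINDING = re.compile(
    r"^(?P<file>[^:]+):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<severity>\w+): (?P<message>.*) \[(?P<id>\w+)\]$"
)

class Finding(NamedTuple):
    file: str
    line: int
    id: str

def parse_findings(output):
    """Extract findings; progress lines and source/caret lines do not match."""
    findings = []
    for raw in output.splitlines():
        m = FINDING.match(raw.rstrip())
        if m:
            findings.append(Finding(m["file"], int(m["line"]), m["id"]))
    return findings

def gate(output, ignore_globs):
    """Return (blocking, reported). Path filters apply only to ordinary findings;
    an analysis-breaking id always blocks, even when it sits in an ignored path."""
    findings = parse_findings(output)
    blocking = [f for f in findings if f.id in ANALYSIS_BREAKING]
    reported = [f for f in findings if f.id not in ANALYSIS_BREAKING
                and not any(fnmatch(f.file, g) for g in ignore_globs)]
    return blocking, reported

# Constructed sample: unsuppressed run where the library header breaks parsing.
BROKEN_RUN = """Checking main.cpp ...
json/json.hpp:100:5: error: syntax error [syntaxError]
"""
# Output quoted in the post, after the header was changed so parsing continues.
WORKING_RUN = """Checking main.cpp ...
main.cpp:6:10: error: Array 'array[5]' accessed at index 5, which is out of bounds. [arrayIndexOutOfBounds]
    array[5] = 5;
         ^
json/json.hpp:21253:13: error: Found an exit path from function with non-void return type that has missing return statement [missingReturn]
"""
```

A CI job would fail whenever `blocking` is non-empty, regardless of which path filters are configured, and then report the findings in `reported` as usual.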