| blob | ee9ba164387f34a76be7cdb62ab8396399312c89 |
3 <html>
4 <head>
10 </head>
15 <!-- menu -->
16 <!--#include virtual="menu.html.incl"-->
17 <!-- page content -->
21 <p>This page contains a list of potential checkers to implement in the static analyzer. If you are interested in contributing to the analyzer's development, this is a good resource to help you get started. The specific names of the checkers are subject to review, and are provided here as suggestions.</p>
23 <!-- ========================= allocation/deallocation ======================= -->
32 Potential memory leaks caused by an undefined argument evaluation order.
33 <p>Source: <a href="https://www.boost.org/doc/libs/1_49_0/libs/smart_ptr/shared_ptr.htm#BestPractices">
37 void f(int, int);
38 int g(void *);
39 int h() __attribute__((noreturn));
41 void test() {
42 // It is possible that 'malloc(1)' is called first,
43 // then 'h()', that is (or calls) noreturn and eventually
44 // 'g()' is never called.
45 f(g(malloc(1)), h()); // warn: 'g()' may never be called.
46 }
47 </pre></div>
49 void f(int, int);
50 int g(int *);
51 int h() { throw 1; };
53 void test() {
54 // It is possible that 'new int' is called first,
55 // then 'h()', that throws an exception and eventually
56 // 'g()' is never called.
57 f(g(new int), h()); // warn: 'g()' may never be called.
58 }
59 </pre></div></div></td>
66 Destination buffer passed to memory function is too small.
70 <p>Source: <a href="https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>.</p></div></div></td>
73 void test() {
74 const char* s1 = "abc";
75 char *s2 = new char;
76 strcpy(s2, s1); // warn
77 }
78 </pre></div>
80 void test() {
81 int* p1 = new int[3];
82 int* p2 = new int;
83 memcpy(p2, p1, 3); // warn
84 }
85 </pre></div></div></td>
92 'n' is used to specify the buffer size may be negative.
94 alpha.security.MallocOverflow</span>.
99 void test() {
100 int *p;
101 int n1 = -1;
102 p = new int[n1]; // warn
103 }
104 </pre></div></div></td>
110 Allocation of zero bytes.
119 void test() {
120 int *p = malloc(0); // warn
121 free(p);
122 }
123 </pre></div>
125 void test() {
126 int *p = new int[0]; // warn
127 delete[] p;
128 }
129 </pre></div></div></td>
131 D6178</a></td></tr>
133 </table>
135 <!-- ======================= constructors/destructors ====================== -->
144 It is dangerous to let an exception leave a destructor.
147 leaving destructors.</p></div></div></td>
150 class A {
151 A() {}
152 ~A() { throw 1; } // warn
153 };
154 </pre></div>
156 void f() throw(int);
158 class A {
159 A() {}
160 ~A() { f(); } // warn
161 };
162 </pre></div></div></td>
169 For a placement copy or move, it is almost certainly an error if the
170 constructed object is also the object being copied from.</div></div></td>
173 class A {};
175 void test(A *dst, A *src) {
176 ::new (dst) A(*dst); // warn (should be 'src')
177 }
178 </pre></div></div></td>
181 </table>
183 <!-- ============================== exceptions ============================= -->
193 function do not throw exceptions.</div></div></td>
196 void test() throw(int) {
197 } // warn
198 </pre></div></div></td>
206 specifier.</div></div></td>
209 void test() throw() {
210 throw(1); // warn
211 }
212 </pre></div></div></td>
219 The type of a thrown exception differs from those specified in
223 struct S{};
225 void test() throw(int) {
226 S s;
227 throw (s); // warn
228 }
229 </pre></div></div></td>
232 </table>
234 <!-- ========================= smart pointers ============================== -->
249 delete[].</code>.
250 <p>Source: C++03 20.4.5p1; C++11 <code>auto_ptr</code> is deprecated (D.10).</p></div></div></td>
256 void test() {
259 }
260 </pre></div>
265 void test() {
267 }
268 </pre></div></div></td>
271 </table>
273 <!-- ============================== dead code ============================== -->
282 A variable is never modified but was not declared const and is not a
286 extern int computeDelta();
288 int test(bool cond) {
289 int i = 0;
290 if (cond) {
291 const int delta = computeDelta();
292 // warn: forgot to modify 'i'
293 }
294 return i;
295 }
296 </pre></div></div></td>
302 Warn about idempotent operations.</div></div></td>
305 void test() {
306 int x = 7;
307 x = x; // warn: value is always the same
308 }
309 </pre></div>
311 void test() {
312 int x = 7;
313 x /= x; // warn: value is always 1
314 }
315 </pre></div>
317 void test() {
319 x *= one; // warn: right op is always 1
320 }
321 </pre></div>
323 void test() {
325 x = x - zero;
326 // warn: the right operand to '-' is always 0
327 }
328 </pre></div></div></td>
332 </table>
334 <!-- ================================ POSIX ================================ -->
344 fail.</div></div></td>
349 int readWrapper(int fd, int *count) {
350 int lcount = read(fd, globalBuf, sizeof(globalBuf));
351 if (lcount < 0)
352 return errno;
353 *count = lcount;
354 return 0;
355 }
357 void use(int fd) {
358 int count;
359 if (!readWrapper(fd, &count))
360 print("%d", count); // should not warn
361 }
362 </pre></div></div></td>
365 </table>
367 <!-- ========================= undefined behavior ========================== -->
377 the destruction of an object with static storage duration.
383 class A {
384 public:
385 ~A() {
386 std::exit(1); // warn
387 }
388 };
389 </pre></div></div></td>
396 Undefined behavior: function containing a definition of static local object is
397 called during the destruction of an object with static storage duration so that
398 flow of control passes through the definition of the previously destroyed
399 static local object.
403 void f();
405 class A {
406 public:
407 ~A() {
408 f(); // warn
409 }
410 };
412 class B {};
414 A a;
416 void f() {
417 static B b;
418 }
419 </pre></div></div></td>
426 The effect of dereferencing a pointer returned as a request for zero size is
427 undefined.<br>
429 unix.Malloc</span>.
435 void test() {
436 int *p = (int *)malloc(0);
437 *p = 1; // warn
438 free(p);
439 }
440 </pre></div>
442 void f(int);
444 void test() {
445 int *p = new int[0];
446 f(*p); // warn
447 delete[] p;
448 }
449 </pre></div></div></td>
456 Undefined behavior: the following usage of the pointer to the object whose
457 lifetime has ended can result in undefined behavior:<br>
458 The object will be or was of a class type with a non-trivial destructor and
460 The object will be or was of a non-POD class type (C++11: any class type) and
461 <ul><li>the pointer is used to access a non-static data member or call a
462 non-static member function of the object</li>
463 <li>the pointer is implicitly converted to a pointer to a base class
464 type</li>
474 class A {
475 public:
476 ~A();
477 };
479 class B : public A {};
481 void test() {
482 A *a = new A;
483 new(a) B;
484 delete a; // warn
485 }
486 </pre></div>
490 class A {
491 public:
492 ~A();
493 };
495 class B {};
497 void test() {
498 A *a = new A;
499 new(a) B;
500 a->~A();
501 }
502 </pre></div>
506 class A {
507 public:
508 ~A();
509 };
511 class B : public A {};
513 class C {};
515 void f(A*);
517 void test() {
518 B *b = new B;
519 new(b) C;
520 f(b); // warn
521 }
522 </pre></div>
526 class A {
527 public:
528 ~A();
529 };
531 class B : public A {};
533 class C {};
535 A* test() {
536 B *b = new B;
537 new(b) C;
539 }
540 </pre></div>
544 class A {
545 public:
546 ~A();
547 };
549 class B : public A {};
551 class C {};
553 A* test() {
554 B *b = new B;
555 new(b) C;
557 }
558 </pre></div></div></td>
565 Undefined behavior: the program must ensure that an object occupies the same
566 storage location when the implicit or explicit destructor call takes place.
572 class A {};
574 class B {
575 public:
576 ~B();
577 };
579 void test() {
580 B b;
581 new (&b) A;
582 } // warn
583 </pre></div>
587 class A {};
589 class B {
590 public:
591 ~B();
592 };
594 void test() {
595 B *b = new B;
596 new (b) A;
597 delete b; // warn
598 }
599 </pre></div></div></td>
606 Undefined behavior: a scalar object shall have its stored value modified at
607 most once by the evaluation of an expression.<br>
608 Note: most cases are currently handled by the Clang core (search for 'multiple
609 unsequenced modifications' warning in Clang tests).
613 int test () {
614 int i = 0;
615 i = ++i + 1; // warn
616 return i;
617 }
618 </pre></div></div></td>
625 Undefined behavior: static declaration is re-entered while the object is being
626 initialized.
630 int test(int i) {
631 static int s = test(2 * i); // warn
632 return i + 1;
633 }
634 </pre></div></div></td>
641 Undefined behavior: const object is being modified.
645 void test() {
646 const int *cp = new const int (0);
648 *p = 1; // warn
649 delete p;
650 }
651 </pre></div>
653 class C {
654 public :
655 int i;
656 C();
657 };
659 void test() {
660 const C cb;
664 }
665 </pre></div></div></td>
672 Undefined behavior: the destructor is invoked for an object whose lifetime
673 has ended.
677 class A {
678 public:
679 void f();
680 A();
681 ~A();
682 };
684 void test() {
685 A a;
686 a.~A();
687 } // warn
688 </pre></div></div></td>
695 Undefined behavior: calls member function but base not yet initialized.
699 class A {
700 public :
701 A(int);
702 };
704 class B : public A {
705 public :
706 int f();
707 B() : A(f()) {} // warn
708 };
709 </pre></div></div></td>
716 C++ Undefined behavior: non-static member or base class of non-POD class type
717 is referred before constructor begins execution.<br>
718 C++11 Undefined behavior: non-static member or base class of a class with a
719 non-trivial constructor is referred before constructor begins execution.
723 struct non_POD {
724 int i;
725 non_POD();
726 };
728 extern non_POD non_pod;
730 int *p = &non_pod.i; // warn
731 </pre></div>
733 struct POD {
734 int i;
735 };
737 struct non_POD : public POD {
738 POD pod;
739 };
741 extern non_POD non_pod;
743 int *p = &non_pod.pod.i; // warn
744 </pre></div>
746 struct POD {
747 int i;
748 };
750 struct non_POD : public POD {};
752 extern non_POD non_pod;
754 POD *p = &non_pod; // warn
755 </pre></div>
757 struct non_POD {
758 int i;
759 non_POD();
760 };
762 struct S {
763 int *k;
764 non_POD non_pod;
765 S() : k(&non_pod.i) {} // warn
766 };
767 </pre></div></div></td>
774 C++03: Undefined behavior: non-static member of non-POD class type is referred
775 after destructor ends execution.<br>
776 C++11: Undefined behavior: non-static member of a class with a non-trivial
777 destructor is referred after destructor ends execution.
781 class C {
782 public:
783 C();
784 void f();
785 };
787 void test() {
788 C *c = new C();
789 c->~C();
790 c->f(); // warn
791 }
792 </pre></div></div></td>
799 Undefined behavior: call to virtual function of an object under construction
800 whose type is neither the constructors own class or one of its bases.
804 class A {
805 public:
806 virtual void f() {};
807 };
809 class B {
810 public:
811 B(A* a) { a->f(); } // warn
812 };
814 class C : public A, B {
815 public:
816 C() : B((A*)this) {}
817 };
818 </pre></div></div></td>
826 construction whose type is neither the constructors own class or one of its
827 bases.
833 class A {};
835 class B {
836 public:
837 B(A* a) {
838 (void)typeid(*a); // warn
839 }
840 };
842 class C : public A, B {
843 public:
844 C() : B((A*)this) {}
845 };
846 </pre></div></div></td>
854 construction whose type is neither the constructors own class or one of its
855 bases.
861 class A {
862 public:
863 virtual void f() {};
864 };
866 class B {
867 public:
868 B(A* a) {
870 }
871 };
873 class C : public A, B {
874 public:
875 C() : B((A*)this) {}
876 };
877 </pre></div></div></td>
884 Undefined behavior: referring to any non-static member or base class of an
885 object in the handler for a function-try-block of a constructor or destructor
886 for that object results in undefined behavior.
890 void f() { throw 1; }
892 class C {
893 int i;
894 public :
895 C()
896 try {
897 f();
898 }
899 catch (...) {
900 i=2; // warn
901 }
902 };
903 </pre></div>
905 void f() { throw 1; }
907 class Base {
908 public:
909 int i;
910 };
912 class C: public Base {
913 public :
914 ~C() try {
915 f();
916 }
917 catch (...) {
918 i=2; // warn
919 }
920 };
921 </pre></div></div></td>
928 Undefined behavior: a function returns when control reaches the end of a
929 handler. This results in undefined behavior in a value-returning function.
933 void f() { throw 1; }
935 int test() try {
936 f();
937 return 1;
938 }
939 catch(int) {
940 } // warn
941 </pre></div></div></td>
949 at the same time the behavior of the program is undefined.
956 void test() {
957 int *data = new int;
960 }
961 </pre></div></div></td>
970 alpha.security.ArrayBoundV2</span>.
977 void test() {
979 char c = s[10]; // warn
980 }
981 </pre></div>
985 void test() {
988 }
989 </pre></div></div></td>
997 stream is undefined.
1003 int test() {
1005 return *v.end(); // warn
1006 }
1007 </pre></div></div></td>
1014 C++03: Undefined behavior: the objects in the array passed to qsort are of
1015 non-POD type.<br>
1016 C++11: Undefined behavior: the objects in the array passed to qsort are of
1017 non-trivial type.
1021 // C++03
1025 struct non_POD {
1026 non_POD();
1027 };
1029 non_POD values[] = { non_POD(), non_POD() };
1031 int compare(const void *a, const void *b);
1033 void test() {
1034 qsort(values, 2, sizeof(non_POD), compare); // warn
1035 }
1036 </pre></div>
1038 // C++11
1041 struct S {};
1043 struct trivial_non_POD : public S {
1044 int i;
1045 };
1047 struct non_trivial {
1048 int i;
1049 non_trivial();
1050 };
1052 trivial_non_POD tnp[2];
1053 non_trivial nt[2];
1055 int compare1(const void *a, const void *b);
1057 int compare2(const void *a, const void *b);
1059 void test() {
1060 qsort(tnp, 2, sizeof(trivial_non_POD), compare1); // ok
1061 qsort(nt, 2, sizeof(non_trivial), compare2); // warn
1062 }
1063 </pre></div></div></td>
1070 Undefined behavior: copy constructor/assignment operator can throw an exception.
1071 The effects are undefined if an exception is thrown.</div></div></td>
1074 class C {
1075 public:
1076 int i, j;
1077 C (const C &c) {
1078 i = c.i;
1079 throw 1; // warn
1080 j = c.j;
1081 };
1082 };
1083 </pre></div>
1085 class C {
1086 public:
1087 int i, j;
1089 i = c.i;
1090 throw 1; // warn
1091 j = c.j;
1092 };
1093 };
1094 </pre></div></div></td>
1103 pointed to by the first argument (source).
1109 struct S {
1110 int i;
1111 S(int ii) : i(ii) {};
1112 };
1114 void test(void) {
1117 }
1118 </pre></div></div></td>
1131 // C++03
1134 void test(void) {
1136 a = b; // warn
1137 b.resize(1);
1138 a = b; // ok
1139 }
1140 </pre></div>
1145 void test(void) {
1147 a *= b; // warn
1148 }
1149 </pre></div>
1154 void test(void) {
1156 a = a + b; // warn
1157 }
1158 </pre></div>
1163 void test(void) {
1166 c = a == b; // warn
1167 }
1168 </pre></div></div></td>
1177 undefined.
1179 p7.</p></div></div></td>
1184 void test(void) {
1186 v.sum(); // warn
1187 }
1188 </pre></div></div></td>
1195 Undefined behavior: element is specified more than once in an indirection.
1202 void test() {
1203 // '1' is specified more then once
1207 a[indirect] = b; //warn
1208 }
1209 </pre></div>
1213 void test() {
1214 // '1' is specified more then once
1218 a[indirect] *= b; //warn
1219 }
1220 </pre></div></div></td>
1236 using namespace std;
1239 };
1243 class my_streambuf
1245 };
1246 public:
1247 my_stream2() {
1248 this->init(new my_streambuf);
1249 }
1250 };
1252 void test() {
1255 delete p1; // warn
1256 delete p2; // ok
1257 }
1258 </pre></div></div></td>
1273 using namespace std;
1276 };
1280 class my_streambuf
1282 };
1283 public:
1284 my_stream2() {
1285 this->init(new my_streambuf);
1286 }
1287 };
1289 void test() {
1292 p1->narrow('a', 'b'); // warn
1293 p2->narrow('a', 'b'); // ok
1294 }
1295 </pre></div></div></td>
1310 class my_streambuf : public std::streambuf {
1311 void f() {
1312 seekpos(-1); // warn
1313 }
1314 };
1315 </pre></div>
1319 void test() {
1320 std::filebuf fb;
1321 std::istream in(&fb);
1322 std::filebuf::off_type pos(-1);
1323 in.seekg(pos); // warn
1324 }
1325 </pre></div></div></td>
1328 </table>
1330 <!-- ============================ different ================================ -->
1335 </thead>
1340 Successive assign to a variable.</div></div></td>
1343 int test() {
1344 int i;
1345 i=1;
1346 i=2; // warn
1347 return i;
1348 }
1349 </pre></div></div></td>
1356 Dereferencing of the null pointer might take place. Checking the pointer for
1357 null should be performed first.
1362 struct S {
1363 int x;
1364 };
1366 struct S* f();
1368 void test() {
1369 struct S *p1 = f();
1370 int x1 = p1->x; // warn
1371 if (p1) {};
1373 struct S *p2 = f();
1374 int x2 = p2->x; // ok
1375 }
1376 </pre></div></div></td>
1383 Dereferencing of the null pointer might take place. Checking the pointer for
1384 null should be performed first.
1389 struct S {int i;};
1391 struct S* f();
1393 void test() {
1394 struct S *p = f();
1395 if (p->i && p) {}; // warn
1396 }
1397 </pre></div></div></td>
1404 Identical accessor bodies. Possibly a misprint.</div></div></td>
1407 class A {
1408 int i;
1409 int j;
1410 public:
1411 int getI() { return i; }
1412 int getJ() { return i; } // warn
1413 };
1414 </pre></div>
1416 class A {
1417 int i;
1418 int j;
1419 public:
1420 void setI(int& ii) { i = ii; }
1421 void setJ(int& jj) { i = jj; } // warn
1422 };
1423 </pre></div></div></td>
1430 Accessors exist for a public class field. Should this field really be
1431 public?</div></div></td>
1434 class A {
1435 public:
1436 int i; // warn
1437 int getI() { return i; }
1438 void setI(int& ii) { i = ii; }
1439 };
1440 </pre></div></div></td>
1447 Calling a function ignoring its return value is of no use (create the list of
1448 known system/library/API functions falling into this category).</div></div></td>
1453 void test() {
1455 v.empty(); // warn
1456 }
1457 </pre></div></div></td>
1464 Wrong variable is possibly used in the loop/cond-expression of
1466 'proper_variable_name'?</div></div></td>
1469 void test() {
1470 int i = 0;
1471 int j = 0;
1473 }
1474 </pre></div>
1476 void test() {
1477 int i = 0;
1478 int j = 0;
1480 }
1481 </pre></div></div></td>
1488 Comparing floating point numbers may be not precise.</div></div></td>
1493 double test() {
1494 double b = sin(M_PI / 6.0);
1495 if (b == 0.5) // warn
1496 b = 0;
1497 return b;
1498 }
1499 </pre></div></div></td>
1511 int f();
1513 void test() {
1514 bool b = true;
1515 if (b & f()) {} // warn
1516 }
1517 </pre></div></div></td>
1525 statement.</div></div></td>
1528 void test(int c) {
1529 switch(c){
1530 case 1:
1531 c += 1; break;
1532 defalt: // warn (did you mean 'default'?)
1533 c -= 1; break;
1534 }
1535 }
1536 </pre></div></div></td>
1544 identical.</div></div></td>
1547 int test(int c) {
1549 c += 1;
1551 c -= 1;
1552 return c;
1553 }
1554 </pre></div></div></td>
1562 expression result.</div></div></td>
1565 void test(unsigned a) {
1567 }
1568 </pre></div></div></td>
1575 An expression is always evaluated to true/false.</div></div></td>
1578 void test() {
1579 int i = 0;
1580 if (i != 0) {}; // warn
1581 }
1582 </pre></div>
1584 void test(int i) {
1586 }
1587 </pre></div>
1589 void test(int i) {
1591 }
1592 </pre></div></div></td>
1599 Comparison operation has higher precedence then assignment. Boolean value is
1600 assigned to a variable of other type. Parenthesis may bee required around an
1601 assignment.</div></div></td>
1604 int f();
1606 void test(int x, int y) {
1607 bool b;
1608 if((b = x != y)) {} // ok
1609 if((x = f() != y)) {} // warn
1610 }
1611 </pre></div></div></td>
1625 void test(int a) {
1627 }
1628 </pre></div>
1630 void test(int a) {
1632 }
1633 </pre></div></div></td>
1640 The object was created but is not being used.</div></div></td>
1643 struct S {
1644 int x, y;
1645 S(int xx, int yy) : x(xx), y(yy) {}
1646 S(int xx) {
1647 S(xx, 0); // warn
1648 }
1649 };
1650 </pre></div>
1654 void test() {
1655 std::exception();
1656 // warn (did you mean 'throw std::exception()'?)
1657 }
1658 </pre></div></div></td>
1665 Pointer to static array is being compared to NULL. May the subscripting is
1666 missing.</div></div></td>
1669 void test() {
1672 }
1673 </pre></div></div></td>
1680 Odd implicit conversion to boolean.
1685 bool test() {
1686 return 1.; // warn
1687 }
1688 </pre></div>
1690 bool test() {
1691 return ""; // warn
1692 }
1693 </pre></div></div></td>
1700 Out-of-bound dynamic array access.
1705 void test() {
1706 int *p = new int[1];
1707 int i = 1;
1708 if(p[i]) {}; // warn
1709 delete[] p;
1710 }
1711 </pre></div></div></td>
1718 Buffer copy without checking the size of input.
1723 void test(char* string) {
1724 char buf[24];
1725 strcpy(buf, string); // warn
1726 }
1727 </pre></div></div></td>
1734 Integer overflow.
1735 <br>Note: partially handled by Clang core
1736 (search for 'overflow in expression' warning in Clang tests).
1743 int f(int x);
1745 void test() {
1746 f(INT_MAX + 1); // warn
1747 }
1748 </pre></div>
1752 int test() {
1754 return x * 2; // warn
1755 }
1756 </pre></div></div></td>
1763 Unexpected sign extension might take place.
1768 unsigned long long test(long long sll) {
1769 unsigned long long ull = sll; // warn
1770 return ull;
1771 }
1772 </pre></div>
1774 void f(unsigned int i);
1776 void test(int si) {
1777 f(si); // warn
1778 }
1779 </pre></div>
1781 unsigned int test(int i) {
1782 return i;
1783 }
1784 </pre></div></div></td>
1791 Numeric truncation might take place.
1796 unsigned long test(unsigned long long ull) {
1797 unsigned long ul = ull; // warn
1798 return ul;
1799 }
1800 </pre></div>
1802 void f(int i);
1804 void test(long long sll) {
1805 f(sll); // warn
1806 }
1807 </pre></div>
1809 int f();
1811 short test(long long sll) {
1812 short ss = f();
1813 return ss;
1814 }
1815 </pre></div></div></td>
1822 A class has dynamically allocated data members but do not define a copy
1823 constructor/assignment operator.
1825 leaving destructors.</p></div></div></td>
1828 class C {
1829 int *p; // warn
1830 public:
1831 C() { p = new int; }
1832 ~C() { delete p; }
1833 };
1834 </pre></div></div></td>
1837 </table>
1839 <!-- ============================ WinAPI =================================== -->
1849 lpApplicationName</i></code> is NULL then the executable name must be in the
1851 If the executable or path name has a space in it, there is a risk that a
1852 different executable could be run because of the way the function parses
1853 spaces.
1854 <p>Source: <a href="https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-createprocessa#security-remarks">
1860 void test() {
1861 STARTUPINFO si;
1862 PROCESS_INFORMATION pi;
1863 CreateProcess(NULL, TEXT("C:\\Program Files\\App -L -S"),
1864 NULL, NULL, TRUE, 0, NULL, NULL, &si, &pi);
1865 // warn
1866 }
1867 </pre></div></div></td>
1876 <p>Source: <a href="https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibrarya#security-remarks">
1882 HINSTANCE test() {
1883 char filePath[100];
1885 return LoadLibrary(filePath); // warn
1886 }
1887 </pre></div></div></td>
1895 the input buffer equals the number of characters in the Unicode string, while
1896 the size of the output buffer equals the number of bytes.
1897 <p>Source: <a href="https://docs.microsoft.com/en-us/windows/win32/api/stringapiset/nf-stringapiset-widechartomultibyte">
1903 void test() {
1904 wchar_t ws[] = L"abc";
1905 char s[3];
1907 3, NULL, NULL); // warn
1908 }
1909 </pre></div></div></td>
1913 </table>
1915 <!-- =========================== optimization ============================== -->
1924 Optimization: It is more effective to pass constant parameter by reference to
1925 avoid unnecessary object copying.</div></div></td>
1928 struct A {};
1930 void f(const struct A a); // warn
1931 </pre></div></div></td>
1938 Optimization: It is more effective to use prefix increment operator with
1939 iterator.
1941 Distinguish between prefix and postfix forms of increment and decrement
1942 operators.</p></div></div></td>
1947 void test() {
1950 for(it = v.begin();
1951 it != v.end(); it++) {}; // warn
1952 }
1953 </pre></div></div></td>
1961 expression. It is more effective to hold a value returned
1967 void test(const char* s) {
1970 }
1971 </pre></div></div></td>
1985 void test() {
1986 std::string s;
1987 if (strlen(s.c_str()) != 0) {}; // warn
1988 }
1989 </pre></div></div></td>
1997 method to identify an empty container.</div></div></td>
2002 void test() {
2004 if (l.size() != 0) {}; // warn
2005 }
2006 </pre></div></div></td>
2010 </table>
2012 <br>
2015 </body>
2016 </html>