tencent / tscancode
A static code analyzer for C++, C#, Lua
License: Other
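First of all, thank you very much for such a great tool; it has helped me find many, many problems early. However, there is one very big inconvenience in using it.
I use the Windows GUI version, where the thread count can only be set from 1 to 4.
But nowadays ordinary people's computers have 8 cores, and the workstation I use has 40 cores.
Currently one code check takes me more than 5 hours, with CPU usage at about 10%.
How can I change the maximum limit of the thread count? Thanks.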
Any plan to open-source TscanCode for Lua language?
git clone https://github.com/Tencent/TscanCode
cd TscanCode/trunk/
make
./tscancode ../samples/lua/
No output.
But ./tscancode ../samples/cpp/
works.
Same behavior when testing with Wine on TscanCode.exe.
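Is UE4 C++ code supported? UE has many features of its own; how can I define custom rules of my own to support analyzing it?
When Lua code calls a function that does not exist, the tool gives no warning.
The command-line option --writefile is reported as unrecognized; what is going on?
I used the scan-folder method of the GUI application installed on Windows to scan the csharp samples folder and found the reported results incomplete: the error reports for several files were missing, but when those files are scanned individually the error reports do appear.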
./TscanCode ./samples/
Result:
Start scanning, please wait...
û���ҵ�checklist.xml�����ļ��������������ļ��Ƿ����ڣ�
Parsing [cfg.ini] failed, please check whether cfg.ini exist or the format is valid.
can not find filter.ini
Checking /home/mick/code/TscanCode/samples/C#/CS_ConditionAlwaysTrue.cs...
1/15 files checked 6% done
Checking /home/mick/code/TscanCode/samples/C#/CS_ForeachInUpdate.cs...
2/15 files checked 13% done
Checking /home/mick/code/TscanCode/samples/C#/CS_StringFormat.cs...
3/15 files checked 19% done
Checking /home/mick/code/TscanCode/samples/C#/CS_UnsafeConstructor.cs...
4/15 files checked 25% done
Checking /home/mick/code/TscanCode/samples/C#/CS_dereferenceAfterNullCheck.cs...
5/15 files checked 32% done
Checking /home/mick/code/TscanCode/samples/C#/CS_dereferenceBeforeNullCheck.cs...
6/15 files checked 39% done
Checking /home/mick/code/TscanCode/samples/C#/CS_dereferenceIfNull.cs...
7/15 files checked 45% done
Checking /home/mick/code/TscanCode/samples/C++/UnintentionalOverflow.cpp...
8/15 files checked 49% done
Checking /home/mick/code/TscanCode/samples/C++/arrayIndexCheckDefect.cpp...
9/15 files checked 55% done
Checking /home/mick/code/TscanCode/samples/C++/checkNullDefect.cpp...
10/15 files checked 61% done
Checking /home/mick/code/TscanCode/samples/C++/dereferenceAfterCheck.cpp...
11/15 files checked 67% done
Checking /home/mick/code/TscanCode/samples/C++/dereferenceBeforeCheck.cpp...
12/15 files checked 74% done
Checking /home/mick/code/TscanCode/samples/C++/suspiciousSemicolon.cpp...
13/15 files checked 79% done
Checking /home/mick/code/TscanCode/samples/C++/uninitvar.cpp...
14/15 files checked 83% done
Checking /home/mick/code/TscanCode/samples/Lua/lua_LuaFuncMiss.cs...
15/15 files checked 100% done
[/home/mick/code/TscanCode/samples/C#/CS_ConditionAlwaysTrue.cs:7]: (error) (incorrectLogicOperator) Logical conjunction always evaluates to false: nLogic < 9 && nLogic > 10.
[/home/mick/code/TscanCode/samples/C++/checkNullDefect.cpp:4] -> [/home/mick/code/TscanCode/samples/C++/checkNullDefect.cpp:4]: (style) (dereferenceBeforeNullCheck) Possible null pointer dereference: npSt - otherwise it is redundant to check it against null.
[/home/mick/code/TscanCode/samples/C++/suspiciousSemicolon.cpp:4]: (portability) (suspiciousSemicolon) Suspicious use of ; at the end of 'if/for/while' statement.
[/home/mick/code/TscanCode/samples/C++/uninitvar.cpp:9]: (error) (uninitvar) uninitvar:Uninitialized variable: a
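1. Files such as cfg.ini and checklist.xml are missing.
2. Under the Windows GUI, problems are found in every file, but on Linux only a few errors are detected. Is my opt setting wrong?
3. Using --xml:
Error: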
terminate called after throwing an instance of 'std::out_of_range'
what(): basic_string::substr: __pos (which is 4294967295) > this->size() (which is 48)
Aborted
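4. Using --errorlist causes a segmentation fault.
I'm a beginner with a lot of questions, thanks.
1. () Include file: not found. Please note: tscancode does not need standard library headers to get proper results. ---> To resolve this kind of library header dependency error, do I need to configure cfg?
The stack is as follows: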
(gdb) bt
#0 0x00007f9e635712c7 in raise () from /usr/lib64/libc.so.6
#1 0x00007f9e635729b8 in abort () from /usr/lib64/libc.so.6
#2 0x00007f9e635b3e17 in __libc_message () from /usr/lib64/libc.so.6
#3 0x00007f9e635bc609 in _int_free () from /usr/lib64/libc.so.6
#4 0x000000000058c0b3 in Token::~Token() ()
#5 0x000000000058c238 in Token::deleteNext(unsigned long) ()
#6 0x0000000000598195 in Tokenizer::deleteInvalidTypedef(Token*) ()
#7 0x0000000000598289 in Tokenizer::simplifyTypedef2_eraseTypedefs(std::unordered_map<Token const*, STypedefEntry, std::hash<Token const*>, std::equal_to<Token const*>, std::allocator<std::pair<Token const* const, STypedefEntry> > >&) ()
#8 0x00000000005bbc38 in Tokenizer::simplifyTypedef2() ()
#9 0x00000000005c3adb in Tokenizer::simplifyTokenList1(char const*) ()
#10 0x00000000005cd809 in Tokenizer::tokenize(std::istream&, char const*, std::string const&, bool, bool) ()
#11 0x0000000000523014 in TscanCode::analyzeFile_internal(std::string const&, char const*, std::set<unsigned long long, std::less, std::allocator >&, bool&) ()
#12 0x0000000000523a0e in TscanCode::analyzeFile(std::istream&, std::string const&) ()
#13 0x00000000005243a6 in TscanCode::analyze(std::string const&) ()
#14 0x000000000040f5e2 in TscThreadExecutor::threadProc(void*) ()
#15 0x00007f9e6412fdd5 in start_thread () from /usr/lib64/libpthread.so.0
#16 0x00007f9e6363902d in clone () from /usr/lib64/libc.so.6
(gdb)
At line 193
public:
    /** @brief This constructor is used when registering this class */
    CheckMemoryLeakInFunction() : Check(myName()), CheckMemoryLeak(0, 0, Standards()), symbolDatabase(NULL)
    { }
The CheckMemoryLeak(0, 0, Standards()) constructor binds the temporary stack storage of Standards() to the standard reference, which may cause problems.
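The lifetime problem reported above, as an added example that is not part of the original issue or of TscanCode's source: a constructor that stores a `const Standards&` taken from a temporary ends up referring to a destroyed object, while storing a copy does not. The `Standards` stand-in, its instance counter and the `LeakCheckByRef` / `LeakCheckByValue` classes are hypothetical.

```cpp
#include <cstdio>

// Hypothetical stand-in for the settings type; counts instances still alive.
struct Standards {
    static int live;
    int cpp;
    Standards() : cpp(11) { ++live; }
    Standards(const Standards& o) : cpp(o.cpp) { ++live; }
    ~Standards() { --live; }
};
int Standards::live = 0;

// Pattern from the report: the checker keeps a reference to its argument.
class LeakCheckByRef {
public:
    explicit LeakCheckByRef(const Standards& s) : standards(s) {}
    // Only valid while the object passed to the constructor still exists.
    int level() const { return standards.cpp; }
private:
    const Standards& standards;
};

// Hardened form: the checker owns a copy, so a temporary argument is safe.
class LeakCheckByValue {
public:
    explicit LeakCheckByValue(const Standards& s) : standards(s) {}
    int level() const { return standards.cpp; }
private:
    const Standards standards;
};

// Number of live Standards objects right after construction from a temporary.
// level() is deliberately never called on the by-reference checker.
int liveAfterRefConstruction() {
    LeakCheckByRef check{Standards()};
    (void)check;
    return Standards::live;  // the temporary is already destroyed here
}

int liveAfterValueConstruction() {
    LeakCheckByValue check{Standards()};
    return check.level() == 11 ? Standards::live : -1;  // the copy is alive
}

int main() {
    std::printf("by reference: %d live, by value: %d live\n",
                liveAfterRefConstruction(), liveAfterValueConstruction());
    return 0;
}
```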
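Hi experts, when will the source code for Lua checking be updated so we can study it?
How do I mark false positives in the Linux version? Can the Windows version's false-positive configuration file be used with the Linux version? Thanks.
Scan results in XML format are not very convenient to read; could HTML output be supported?
I have a question.
When I scan the file a.cpp with tscancode, a.cpp has #include "b.h", and b.h contains problems. But
can I filter b.h out of the results? I don't want to see the results for b.h.
The command I run is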
./tscancode --xml a.h 2> result.xml
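C++ code
It seems that if an Init() initialization function is added in the constructor,
that is, when it is nested inside the constructor, and I initialize the class members inside Init(), the tool reports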
Message: Member variable 'CBuffPacket::m_szData,m_u4ReadPtr,m_u4WritePtr,m_u4PacketLen,m_u4PacketCount,m_u4MaxPacketSize,m_blNetSort,m_nHashID,m_u4BuffID,' is not initialized in the constructor.
For code like this, could the static check also inspect the inside of nested functions?
Thanks for your hard work, everyone.
Sample
CBuffPacket::CBuffPacket(int nSize, int nMaxBuffSize)
{
    if (false == Init(nSize, nMaxBuffSize))
    {
        OUR_DEBUG((LM_INFO, "[CBuffPacket::CBuffPacket]Error(%s).\n", m_szError));
    }
}
bool CBuffPacket::Init(int nSize, int nMaxBuffSize)
{
    //ACE_Guard<ACE_Recursive_Thread_Mutex> WGuard(m_ThreadLock);
    try
    {
        m_szError[0] = '\0';
        m_u4MaxPacketSize = (uint32)nMaxBuffSize;
        if(nSize >= (int)m_u4MaxPacketSize)
        {
            OUR_DEBUG((LM_ERROR, "[CBuffPacket::Init] nSize [%d] is more than m_u4MaxPacketSize.\n", nSize));
            char szError[MAX_BUFF_500] = {'\0'};
            sprintf_safe(szError, MAX_BUFF_500, "[CBuffPacket::Init] nSize [%d] is more than m_u4MaxPacketSize.", nSize);
            throw szError;
        }
        // Initialize the packet data structure
        m_u4ReadPtr = 0;
        m_u4WritePtr = 0;
        m_u4PacketCount = 0;
        m_nHashID = 0;
        m_u4PacketLen = (uint32)((int)ceil((double)nSize/(double)DEFINE_PACKET_ADD))*DEFINE_PACKET_ADD;
        m_szData = (char*)App_ACEMemory::instance()->malloc(m_u4PacketLen);
        m_u4BuffID = 0;
        //OUR_DEBUG((LM_ERROR, "[CBuffPacket::Init] nSize [%d], m_szData=[0x%08x].\n", m_u4PacketLen, m_szData));
        if(NULL == m_szData)
        {
            OUR_DEBUG((LM_ERROR, "[CBuffPacket::Init] nSize [%d] is new error.\n", m_u4PacketLen));
            char szError[MAX_BUFF_500] = {'\0'};
            sprintf_safe(szError, MAX_BUFF_500, "[CBuffPacket::Init] nSize [%d] is new error..", m_u4PacketLen);
            throw szError;
        }
        m_blNetSort = false;
        return true;
    }
    catch(const char* szError)
    {
        sprintf_safe(m_szError, MAX_BUFF_500, "%s", szError);
        return false;
    }
}
Hello, I came across this project while looking for code checking tools and would like to use the Lua code checking feature. My development environment is currently a Mac, so I would like to ask what the current progress is and whether there is any way for me to obtain or use Lua code checking on Mac. Thanks.
First of all, thanks, the tool is very useful; thank you to the author for the hard work.
I have a piece of test code
// File test data information
typedef struct FILETESTDATAINFO
{
    char m_szData[MAX_BUFF_10240]; // Length of the data in the current buffer
    uint32 m_u4DataLength; // Length of the data in the current buffer block
    FILETESTDATAINFO()
    {
        ACE_OS::memset(m_szData, 0, MAX_BUFF_10240);
        m_u4DataLength = 0;
    }
    FILETESTDATAINFO(const FILETESTDATAINFO& ar)
    {
        ACE_OS::memset(m_szData, 0, MAX_BUFF_10240);
        if (false == memcpy_safe(const_cast<char*>(ar.m_szData), MAX_BUFF_10240, const_cast<char*>(this->m_szData), MAX_BUFF_10240))
        {
            OUR_DEBUG((LM_INFO, "[FILETESTDATAINFO::FILETESTDATAINFO]memcpy_safe error.\n"));
        }
        this->m_u4DataLength = ar.m_u4DataLength;
    }
    void Close()
    {
        ACE_OS::memset(m_szData, 0, MAX_BUFF_10240);
        m_u4DataLength = 0;
    }
    ~FILETESTDATAINFO()
    {
        Close();
    }
    FILETESTDATAINFO& operator= (const FILETESTDATAINFO& ar)
    {
        if (false == memcpy_safe(const_cast<char*>(ar.m_szData), MAX_BUFF_10240, const_cast<char*>(this->m_szData), MAX_BUFF_10240))
        {
            OUR_DEBUG((LM_INFO, "[FILETESTDATAINFO::FILETESTDATAINFO]operator= error.\n"));
        }
        this->m_u4DataLength = ar.m_u4DataLength;
        return *this;
    }
} FileTestDataInfoSt;
Why does the check report
Type: FuncReturn Line: XXX Message: The return value of function [Close] is not used.
My Close() is of type void and has no return value?
There is similar code as well (it reports that the return value of the Close interface is not used)
// Intermediate server message class interface
class IPostMessage
{
public:
    IPostMessage()
    {
        m_pRecvPacket = NULL;
        m_pSendPacket = NULL;
        m_u4ServerID = 0;
        m_u2CommandID = 0;
        m_blDelete = true;
    }
    virtual ~IPostMessage()
    {
        Close();
    }
    virtual void Close()
    {
        if(NULL != m_pRecvPacket)
        {
            delete m_pRecvPacket;
            m_pRecvPacket = NULL;
        }
        if(NULL != m_pSendPacket)
        {
            delete m_pSendPacket;
            m_pSendPacket = NULL;
        }
        m_u4ServerID = 0;
        m_u2CommandID = 0;
        m_blDelete = true;
    }
    virtual bool SetRecvPacket(IBuffPacket* pRecvPacket)
    {
        if(NULL == pRecvPacket)
        {
            return false;
        }
        m_pRecvPacket = pRecvPacket;
        return true;
    }
    virtual bool SetSendPacket(IBuffPacket* pSendPacket)
    {
        if(NULL == pSendPacket)
        {
            return false;
        }
        m_pSendPacket = pSendPacket;
        return true;
    }
    virtual IBuffPacket* GetRecvPacket()
    {
        return m_pRecvPacket;
    }
    virtual IBuffPacket* GetSendPacket()
    {
        return m_pSendPacket;
    }
    virtual void CallBefore() = 0;
    virtual void CallBack() = 0;
    virtual void SetServerID(uint32 u4ServerID)
    {
        m_u4ServerID = u4ServerID;
    }
    virtual uint32 GetServerID()
    {
        return m_u4ServerID;
    }
    virtual void SetCommandID(uint16 u2CommandID)
    {
        m_u2CommandID = u2CommandID;
    }
    virtual uint16 GetCommandID()
    {
        return m_u2CommandID;
    }
private:
    IBuffPacket* m_pRecvPacket;
    IBuffPacket* m_pSendPacket;
    uint32 m_u4ServerID;
    uint16 m_u2CommandID;
    bool m_blDelete;
};
How to create the config.h file?
Thanks.
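As in the title.
My C++ source code compiles and runs. Testing with cppcheck reports dozens of errors, testing with clang reports none, and testing with TscanCode simply segfaults.
When a C# file contains syntax like the following, it hangs in the Tokenizing stage.
class SomeClass
{
    private Dictionary<string, (string a, string b)> dictionary = new Dictionary<string, (string a, string b)>();
}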
Hi Friends,
I installed the latest TscanCode version on my Win10 machine and already configured the environment variable, but the file "result.xml" is blank after executing "tscancode --xml funcTest.cpp 2>result.xml". Please help.
Thanks
#define LogCheckPtrVoid(ptr, ...) \
    if(nullptr == ptr){ \
        ERROR_LOG(__VA_ARGS__); \
        return; \
    }
There is a macro definition like this, which is called elsewhere in the program to check a pointer. But after scanning, the tool reports a null pointer warning where the pointer is used afterwards.
For now, codes under trunk are only for TscanCode CPP version, C# and Lua version are in the internal review process. Sorry for the inconvenience.
is written in README. So I want to know if C# scan analysis is already supported.
Related issue: #39
Background:
Question:
For individual TscanCode false positives (not global), is there a non-global ignore mechanism
similar to cpplint's NOLINT?
The code is as follows, checked with the Mac version:
using System.Collections;
using System.Collections.Generic;
using System.IO;
using UnityEngine;
public class NewBehaviourScript : MonoBehaviour
{
    int count = 0;
    // Start is called before the first frame update
    void Start()
    {
        // Debug.LogError(Application.persistentDataPath);
        //GameObject game = null;
        //game.name = "";
    }
    // Update is called once per frame
    void Update()
    {
        Read();
    }
    public void Read()
    {
        if (count > 100) return;
        string strWriteFilePath = string.Format("{0}/Log{1}.txt", Application.persistentDataPath, count++) ;
        StreamWriter srWriteFile = new StreamWriter(strWriteFilePath);
        // srWriteFile.Close();
    }
}
Command:
./TscSharp --xml /Users/XXXXXX/testPerformance/Assets/NewBehaviourScript.cs 2>result.xml
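The result is empty. The video cable of my home PC suddenly failed today, so I did not test there. When checking project code at work I found that it can be detected, but I am not sure whether everything was detected.
This is the Xcode leak result
As in the title.
I added an exclusion path that contains two underscores; after clicking Add, I found that the first underscore was gone,
so my exclusion rule did not take effect.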
Hello and thank you for developing TScan.
In the readme file it is stated that "the accuracy rate is about 90%". I'm interested in what "accuracy" here refers to and how it is measured. Could you tell me more about it please?
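The output XML contains both the result output and the output of exceptions from the code.
For example, using tsclua.exe in our project, I got the following output: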
<?xml version="1.0" encoding="UTF-8"?>
所在位置 行:1 字符:1
+ ./tsclua.exe --xml xxxxxxxxxxxxx 2 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ Category Info :xxxxxxxxxxxxxxxxxxxxxx
+ FullyQualifiedErrorID : xxxxxxxxxxxxxxxxxxxxxxx
<results>
...
And from this error I cannot tell what actually went wrong.
Demo* demo = new Demo[10];
delete demo;
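The tool did not report a warning or any other finding for the code above.
Does tscan not check the following kind of issue?
Using my code like this causes a core dump.
unsigned char a = 0;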
printf("%s", a);