danmar
Added regression test for ticket #13474
could you lookup if there was such tests added already when this FN was fixed. which SHA fixed the FNs? (It is supposed to be fixed during last 5 months)
The test is unfortunate because it does not detect a regression. There are two possible ValueFlow solutions for this test:
- either ValueFlow can determine that both i and j will be 0 and then when those are are multiplied there will be division by zero. Both loops are required for this.
- or it can determine that whenever j is 0 then
i*jis 0 and then there is division by zero. only the inner loop is required for this.
if valueflow handle both and then there is a regression so valueflow only handle one of them then this test does not detect that regression.
either ValueFlow can determine that both i and j will be 0 and then when those are are multiplied there will be division by zero. Both loops are required for this.
A test for that could be:
for (int i=2; i >= 0; i--) {
for (int j=2; j >= 0; j--) {
result = 20 / (i + j);
}
}
now it can only say that i + j is zero if both operand values are known.
or it can determine that whenever j is 0 then i*j is 0 and then there is division by zero. only the inner loop is required for this.
A proper test for that would be to use only the inner loop and let i value be unknown.
void foo(int i) {
for (int j=2; j >= 0; j--)
result = 20 / (i * j);
}
@danmar Thanks for your comments. Test cases are now updated in accordance. It's good that you have provided these additional case, where (i +j) are summed up. It turned out that this case is a false negative (ref. to https://trac.cppcheck.net/ticket/13874).
Off the top of my head I believe a test suite could also for instance have similar loops with:
- modulo with zero
- array index underrun
- shift overflow
- signed integer underflow
- invalid function argument (when 0 is not in the valid range) ..