Warnings

Warnings namely, compiler warnings, static analysis warnings, and runtime analysis warnings are important to identify and fix issues in code. This section will cover the various types of warnings and how to configure and use them in the development process.

Compiling Warnings

Compiling warnings are the most common type of warnings. They are generated by the compiler when it detects potential errors or potential issues in the compiling process. Normally, these extra warnings are not visible to the developer unless they are enabled explicitly.

Configuration

The warning flags can be customized to pass the CMake configurable options:

• COMPILER_FLAGS_WARNINGS_GNU: Flags for gcc/clang compilers.

• COMPILER_FLAGS_WARNINGS_MSVC: Flags for msvc compilers.

• COMPILER_FLAGS_WARNINGS_CUDA: Flags for cuda compilers.

• CMAKE_COMPILE_WARNING_AS_ERROR: If treat warnings as errors. Default is false.

• COMPILER_FLAGS_SKIP_TARGETS_REGEXES: List of regexes to skip targets. Default is empty.

Note

All given options will be checked and applied only if the compiler supports them. Otherwise, the options will be ignored.

From now on, we are using the following optinos corresponding to the compilers used:

GCC/Clang

• -pedantic Warn on language extensions

• -Wall -Wextra reasonable and standard

• -Wshadow warn the user if a variable declaration shadows one from a parent context

• -Wnon-virtual-dtor warn the user if a class with virtual functions has a non-virtual destructor. This helps catch hard to track down memory errors

• -Wold-style-cast warn for c-style casts

• -Wcast-align warn for potential performance problem casts

• -Wunused warn on anything being unused

• -Woverloaded-virtual warn if you overload (not override) a virtual function

• -Wpedantic (all versions of GCC, Clang >= 3.2) warn if non-standard C++ is used

• -Wconversion warn on type conversions that may lose data

• -Wsign-conversion (Clang all versions, GCC >= 4.3) warn on sign conversions

• -Wmisleading-indentation (only in GCC >= 6.0) warn if indentation implies blocks where blocks do not exist

• -Wduplicated-cond (only in GCC >= 6.0) warn if if / else chain has duplicated conditions

• -Wduplicated-branches (only in GCC >= 7.0) warn if if / else branches have duplicated code

• -Wlogical-op (only in GCC) warn about logical operations being used where bitwise were probably wanted

• -Wnull-dereference (only in GCC >= 6.0) warn if a null dereference is detected

• -Wuseless-cast (only in GCC >= 4.8) warn if you perform a cast to the same type

• -Wdouble-promotion (GCC >= 4.6, Clang >= 3.8) warn if float is implicitly promoted to double

• -Wformat=2 warn on security issues around functions that format output (i.e., printf)

• -Wlifetime (only special branch of Clang currently) shows object lifetime issues

• -Wimplicit-fallthrough Warns when case statements fall-through. (Included with -Wextra in GCC, not in clang)

MSVC

• /permissive- - Enforces standards conformance.

• /W4 All reasonable warnings

• /w14242 ‘identfier’: conversion from ‘type1’ to ‘type1’, possible loss of data

• /w14254 ‘operator’: conversion from ‘type1:field_bits’ to ‘type2:field_bits’, possible loss of data

• /w14263 ‘function’: member function does not override any base class virtual member function

• /w14265 ‘classname’: class has virtual functions, but destructor is not virtual instances of this class may not be destructed correctly

• /w14287 ‘operator’: unsigned/negative constant mismatch

• /we4289 nonstandard extension used: ‘variable’: loop control variable declared in the for-loop is used outside the for-loop scope

• /w14296 ‘operator’: expression is always ‘boolean_value’

• /w14311 ‘variable’: pointer truncation from ‘type1’ to ‘type2’

• /w14545 expression before comma evaluates to a function which is missing an argument list

• /w14546 function call before comma missing argument list

• /w14547 ‘operator’: operator before comma has no effect; expected operator with side-effect

• /w14549 ‘operator’: operator before comma has no effect; did you intend ‘operator’?

• /w14555 expression has no effect; expected expression with side-effect

• /w14619 pragma warning: there is no warning number ‘number’

• /w14640 Enable warning on thread unsafe static member initialization

• /w14826 Conversion from ‘type1’ to ‘type_2’ is sign-extended. This may cause unexpected runtime behavior.

• /w14905 wide string literal cast to ‘LPSTR’

• /w14906 string literal cast to ‘LPWSTR’

• /w14928 illegal copy-initialization; more than one user-defined conversion has been implicitly applied

references:

• https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html

• https://clang.llvm.org/docs/UsersManual.html

• cppbestpracticecs

Static Analysis

Clang-tidy

The Clang-tidy tool is a clang-based C++ linter tool. It checks for style, performance, and security issues in C++ code.

It can be configured using the following options:

• USE_CLANGTIDY: If use clang-tidy. Default is OFF.

• USE_CLANGTIDY_OPTIONS: Clang-tidy run options. Default is -extra-arg=-Wno-unknown-warning-option;-extra-arg=-Wno-ignored-optimization-argument;-extra-arg=-Wno-unused-command-line-argument;-p;<build_dir>.

• USE_CLANGTIDY_WARNINGS_AS_ERRORS: Treat clang-tidy warnings as errors. Default is OFF.

Cppcheck

The Cppcheck tool is a static analysis tool for C/C++ code. It detects various types of bugs and offers a convenient way to suppress false positives.

It can be configured using the following options:

• USE_CPPCHECK: If use cppcheck. Default is OFF.

• USE_CPPCHECK_OPTIONS: cppcheck run options. Default is –enable=style,performance,warning,portability;–inline-suppr;–suppress=cppcheckError;–suppress=internalAstError;–suppress=unmatchedSuppression;–suppress=passedByValue;–suppress=syntaxError;–suppress=preprocessorErrorDirective;–inconclusive

• USE_CPPCHECK_WARNINGS_AS_ERRORS: Treat cppcheck warnings as errors. Default is OFF.

Runtime Analysis

Sanitizers

Sanitizers are tools that can detect memory leaks, use-after-free, and other memory errors at runtime. They can be configured using the following options:

• USE_SANITIZER: Default is OFF.

  • OFF: Disable sanitizers.

  • Address: Enable AddressSanitizer to detect most issues dealing with memory.

  • Memory: Enable MemorySanitizer to detect uninitialized reads.

  • Undefined: Enable UndefinedBehaviorSanitizer explicitly listed as resulting in undefined behaviour.

  • Thread: Enable ThreadSanitizer to detect data races for multi-threaded code.

  • Leak: Enable LeakSanitizer to detect memory leaks, or issues.

  • CFI: Enable ControlFlowIntegrity to detect control flow undefined behavior.

  • EnableMSVCAnnotations: Enable MSVC annotations. Default is OFF.

• USE_SANITIZER_ASAN_FLAGS: /fsanitize=address /Zi;-g -fsanitize=address -fno-omit-frame-pointer;-g -fsanitize=address

• USE_SANITIZER_MSAN_FLAGS: /fsanitize=memory;-g -fsanitize=memory -fsanitize-memory-track-origins;-g -fsanitize=memory

• USE_SANITIZER_USAN_FLAGS: -g -fsanitize=undefined

• USE_SANITIZER_TSAN_FLAGS: -g -fsanitize=thread

• USE_SANITIZER_LSAN_FLAGS: -g -fsanitize=leak

• USE_SANITIZER_CFI_FLAGS: -g -fsanitize=cfi

• USE_SANITIZER_EXTRA_FLAGS: Extra flags to pass to the sanitizer. Default to empty.

• USE_SANITIZER_BLACKLIST_FILE: Path to a blacklist file for Undefined sanitizer. Default to empty.

• USE_SANITIZER_SKIP_TARGETS_REGEXES: Regexes to skip targets to sanitize. Default to enable all targets instrumented.

Note

• Thread can not work with Address and Leak sanitizers.

• Memory can not work with Address, Leak, and Thread sanitizers.

Valgrind

Valgrind is a tool for detecting memory leaks, errors, and other runtime issues. It can be configured using the following options:

• USE_VALGRIND: If use valgrind to check memory issues. Default is OFF.

• USE_VALGRIND_OPTIONS: Default is –show-leak-kinds=all;–gen-suppressions=all;–track-origins=yes.

• USE_VALGRIND_SUPPRESSION_FILE: path to valgrind suppress config file.

• USE_VALGRIND_ENABLE_MEMCHECK: enable memory check with ctest command, e.g. ctest -T memcheck. Default is ON.

Note

• Valgrind can not work with sanitizer. You should disable it before run valgrind on testsuit.