Several problems with kwstackoverflow

4 replies

jtrimble
Joined: 09/07/2011

I'm trying to use kwstackoverflow to look for potential stack overflow issues in a mixed C/C++ codebase. However, I'm running into a number of problems, and kwstackoverflow seems to be missing even the most basic stack overflow errors.

I've reproduced several of the problems I'm having with the toy program shown here:

    #include <stdio.h>
    #include <stdlib.h>

    class Base
    {
        public:
        virtual void virtualFunction(void) = 0;
    };

    class Derived1 : public Base
    {
        public:
        virtual void virtualFunction(void);
    };

    void Derived1::virtualFunction(void)
    {
        printf("This is Derived1::virtualFunction()\n");
    }

    class Derived2 : public Base
    {
        public:
        virtual void virtualFunction(void);
    };

    void Derived2::virtualFunction(void)
    {
        int hugeArrayOnStack[100000];
        //hugeArrayOnStack[999999] = 42;

        printf("This is Derived2::virtualFunction()\n");
    }

    void callVirtualFunction(Base * pBase)
    {
        pBase->virtualFunction();
    }

    /* If first argument is 1 or less, runs with Derived1, if first argument is 2
     * or more, runs with Derived2 */
    int main( const int argc, char const * const * const argv)
    {
        Base * pBase;

        if ( argc > 1 && atoi(argv[1]) > 1 )
        {
            pBase = new Derived2();
        }
        else
        {
            pBase = new Derived1();
        }

        callVirtualFunction(pBase);

        delete pBase;

        return 0;
    }

It's quite obvious that Derived2::virtualFunction() has the potential to cause a stack overflow, since it declares a huge array on the stack, then calls printf(), which will push its local variables onto the stack beyond the array.

It seems that kwstackoverflow should have no problem finding this stack overflow issue, but it doesn't.

    jtrimble@teamfoxhound{288}kwstackoverflow KW_TABLES
    jtrimble@teamfoxhound{289}

Ok, well maybe that's because kwstackoverflow doesn't know what the entry points and stack sizes are. I created a file (entry_points.txt) that specifies the entry point (the main() function) and the stack size (1024 bytes, for argument's sake). Sure, 1024 bytes is a small stack size, but I'm trying to see what happens when there's an obvious stack overflow condition.

However, kwstackoverflow doesn't find the problem:

    jtrimble@teamfoxhound{293}cat entry_points.txt 
    main;1024
    jtrimble@teamfoxhound{294}kwstackoverflow --config entry_points.txt KW_TABLES
    jtrimble@teamfoxhound{295}

Likewise if I specify these on the command line:

    jtrimble@teamfoxhound{296}kwstackoverflow --ss 1024 --entry main KW_TABLES

Ok, well maybe that's because kwstackoverflow doesn't know which version of "virtualFunction" is being called. I tried using the "--indir1" switch and created a file (indirect_calls.txt) that states the fact that "callVirtualFunction()" calls "virtualFunction()."

    jtrimble@teamfoxhound{320}cat indirect_calls.txt 
    function_name=callVirtualFunction
    indirectly calls:
    virtualFunction
    END_OF_LIST
    jtrimble@teamfoxhound{321}kwstackoverflow --config entry_points.txt --indir1 indirect_calls.txt KW_TABLES
    jtrimble@teamfoxhound{322}

Hmm. Still nothing.

Side Note -------------------------------------------
Now, I realize that "virtualFunction" is ambiguous here, since it could refer to Derived1::virtualFunction() or Derived2::virtualFunction(), but every other way I tried specifying the indirect calls caused kwstackoverflow to emit some kind of error message:

    jtrimble@teamfoxhound{311}cat indirect_calls.txt 
    function_name=callVirtualFunction
    indirectly calls:
    void Derived2::virtualFunction(void)
    END_OF_LIST
    jtrimble@teamfoxhound{312}kwstackoverflow --config entry_points.txt --indir1 indirect_calls.txt KW_TABLES
    Config file error: Cannot fing function callVirtualFunction (indirect calls to)
    jtrimble@teamfoxhound{313}

or

    jtrimble@teamfoxhound{314}cat indirect_calls.txt
    function_name=void callVirtualFunction(Base*)
    indirectly calls:
    virtualFunction
    END_OF_LIST
    jtrimble@teamfoxhound{315}kwstackoverflow --config entry_points.txt --indir1 indirect_calls.txt KW_TABLES
    Config file error: Cannot fing function void callVirtualFunction(Base*) (indirect calls from)
    jtrimble@teamfoxhound{316}

End Side Note ---------------------------------------

So, basically it seems that I can't get kwstackoverflow to find the stack size problem in this simple program.

The only way I've seen kwstackoverflow give any indication of a problem is if I set the stack size to be small and ask it specifically about the offending function:

    jtrimble@teamfoxhound{323}kwstackoverflow --ss 1024 --func virtualFunction KW_TABLES
    Message:kwstackoverflow: Function virtualFunction maxStackSize=24 for task main
      code.cpp:main[local 12][max 12] at line 55
      code.cpp:callVirtualFunction[local 4][max 20] at line 37
      @__UNDEFINED__@:virtualFunction[local 0][max 24]
    Error: Stack overflow possible for function <library>:printf 10000>1024 for task virtualFunction
      code.cpp:virtualFunction[local 9996][max 9996] at line 32
      <library>:printf[local 0][max 10000]
    Error: Stack overflow possible for function code.cpp:virtualFunction 9996>1024 for task virtualFunction
      code.cpp:virtualFunction[local 9996][max 9996]
    Message:kwstackoverflow: Function virtualFunction maxStackSize=9996 for task virtualFunction
      code.cpp:virtualFunction[local 9996][max 9996]
    Message:kwstackoverflow: Function virtualFunction maxStackSize=0 for task virtualFunction
      code.cpp:virtualFunction[local 0][max 0]
    jtrimble@teamfoxhound{324}

Of course there's a stack overflow problem there -- just the stack consumed by the single call to virtualFunction() is more than the specified stack size. I (almost) wouldn't even need a static analysis tool to tell me there's a problem there. ;-)

Unfortunately, it's just not feasible to run kwstackoverflow for every single function in my codebase, and it seems like it would kind of defeat the point of kwstackoverflow to have to do so.

All this is making it hard for me to trust kwstackoverflow's analysis.
Am I doing something wrong or does kwstackoverflow just not work well with C++?

tadebayo
Joined: 01/13/2005

We currently do not correctly handle C++ virtual functions in the stackoverflow tool. Please open a support ticket on this at https://my.klocwork.com
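The reply above says the tool does not resolve C++ virtual calls; the following is an added example (not from the thread, nor Klocwork's code) that models what a worst-case stack analysis must do with the toy program: treat a call through `Base*` as reaching every overrider, so the `main -> callVirtualFunction -> Derived2::virtualFunction -> printf` path is counted against the `main;1024` budget. Frame sizes are constructed from the numbers kwstackoverflow printed in the thread, and `FRAME_SIZES`, `CALLS`, `OVERRIDERS`, `max_stack` and `check_entry` are names I made up.

```python
# Added example, not from the thread or from kwstackoverflow: worst-case stack
# depth over a call graph, expanding a virtual call to every overrider.
# Frame sizes and edges are constructed from the toy program and the numbers
# the tool printed; FRAME_SIZES/CALLS/OVERRIDERS are made-up names.

FRAME_SIZES = {                      # bytes of locals per function (constructed)
    "main": 12, "callVirtualFunction": 4, "printf": 10000,
    "Derived1::virtualFunction": 0, "Derived2::virtualFunction": 9996,
}
CALLS = {                            # direct call edges taken from the source
    "main": ["callVirtualFunction"],
    "callVirtualFunction": ["Base::virtualFunction"],  # call through Base*
    "Derived1::virtualFunction": ["printf"],
    "Derived2::virtualFunction": ["printf"],
    "printf": [],
}
OVERRIDERS = {                       # class-hierarchy info for virtual calls
    "Base::virtualFunction": ["Derived1::virtualFunction", "Derived2::virtualFunction"],
}

def resolve(callee, resolve_virtual):
    """Expand a virtual call to all overriders; dropping it instead models the
    tool's current behaviour, which silently loses the Derived2 path."""
    if callee in OVERRIDERS:
        return OVERRIDERS[callee] if resolve_virtual else []
    return [callee]

def max_stack(func, resolve_virtual=True, path=()):
    """Return (worst-case bytes, deepest call chain) rooted at func."""
    if func in path:  # recursion: no static bound exists, so refuse to guess
        raise RecursionError(" -> ".join(path + (func,)))
    own = FRAME_SIZES.get(func, 0)
    best = (own, path + (func,))
    for callee in CALLS.get(func, []):
        for target in resolve(callee, resolve_virtual):
            size, chain = max_stack(target, resolve_virtual, path + (func,))
            if own + size > best[0]:
                best = (own + size, chain)
    return best

def check_entry(entry, stack_size, resolve_virtual=True):
    """Like an entry_points.txt line 'main;1024': returns (fits?, bytes, chain)."""
    size, chain = max_stack(entry, resolve_virtual)
    return size <= stack_size, size, chain

if __name__ == "__main__":
    for rv in (False, True):
        ok, size, chain = check_entry("main", 1024, rv)
        print(f"virtual calls resolved={rv}: {'OK' if ok else 'OVERFLOW'} "
              f"{size} bytes via {' -> '.join(chain)}")
```

With virtual calls unresolved the entry point appears to use 16 bytes and passes; with them resolved the same entry needs 20012 bytes, which is the overflow the thread expected the tool to report.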

jtrimble
Joined: 09/07/2011

That's a pretty big restriction that severely limits the usefulness of kwstackoverflow for C++ code. Where are the details of this limitation described in the Klocwork product documentation?

habbott
Joined: 02/16/2011

This limitation is not currently documented. Once your issue has been investigated and we know the details, we'll update the documentation (and this thread).

__________________

Helen Abbott Klocwork Documentation Manager

sunilagarwal
Joined: 01/10/2014

Any updates on the stackoverflow usage with virtual functions?