[Interest] Klocwork errors in Qt

Tue Dec 3 23:40:08 CET 2019

On Tue, 3 Dec 2019 at 20:09, Thiago Macieira <thiago.macieira at intel.com> wrote:
>
> On Monday, 2 December 2019 18:53:14 PST Ramakanth Kesireddy wrote:
> > We got below errors in Qt 5.13 using C++ QWidgets while running static code
> > analysis withKlocwork:
> >
> > 1)Address of a local variable is returned via return statement expression
> > 'QStringBuilder<QStringBuilder<const char*,QString>,const char[2]>(a,
> > &b).b'.
> > 2)Address of a local variable is returned via return statement expression
> > 'QStringBuilder<QStringBuilder<const char*,QString>,const char[2]>(a, &b).b'
> > 3)Address of a local variable is returned via return statement expression
> > 'QStringBuilder<const char[2],QString>(&a, b).a'.
> >
> > pointing to the below source @
> > https://github.com/qt/qtbase/blob/dev/src/corelib/text/qstringbuilder.h
> >
> > template <typename A, typename B>
> > QStringBuilder<typename QConcatenable<A>::type, typename
> > QConcatenable<B>::type>
> > operator%(const A &a, const B &b)
> > {
> >    return QStringBuilder<typename QConcatenable<A>::type, typename
> > QConcatenable<B>::type>(a, b);
> > }
> >
> > We are concatenating two QStrings using % which might lead to the above
> > errors:
> > For eg: eventString = eventString % eventState
> >
> > Do you recommend to use QString(%1%2").arg( eventString ).arg( eventState )
> > instead to resolve above errors or ignore the Klocwork errors reported?
>
> No, there's no need. QStringBuilder works just fine and has been working for
> over 10 years. Either there's a problem somewhere in your code that you didn't
> show to us or it s a Klocwork false positive.

To me it seems that  QStringBuilder is broken. 10 years ago there was
no C++11, no auto.
QStringBuilder *worked* just fine, but not anymore.

> Hint: do not use "auto" to detect the type when QStringBuilder is active.

Hint: don't tell C++ programmers that by using Qt you cannot use C++
features as you wish.

> Don't write:
>     auto str = a + b;
> instead, write:
>     QString str = a + b;

IMHO, it is legit to write code like:
const QUrl url(urlString);
const auto appId = url.host() + "." + url.path().mid(1);
doSomeThing(appId); // void doSomeThing(const QString &stuff);

Yet it results in crashes, apparently because of QStringBuilder
holding references to temporary implicitly shared Qt object. I would
expect QStringBuilder to somehow grab a reference to this implicitely
shared object (eg. by incrementing a ref counter).

AFAIU, QT_USE_QSTRINGBUILDER is a dangerous build option, don't use it.

I honestly cannot accept that Qt is dictating me how to write C++ code
because something is broken in Qt and the Qt people refuse to ack it.

Please prove me wrong.

Chris.

NB: That's quite a perfect timing. The problem described above was
reported to me yesterday evening, and this morning i saw this email
thread.