[cfe-dev] [analyzer][RFC] Attribute(s) to enhance/configure the analysis
Gábor Márton via cfe-dev
cfe-dev at lists.llvm.org
Tue Oct 20 08:34:19 PDT 2020
Hi,
There is an evolving need to configure the Clang Static Analyzer within the
analyzed source code itself. We'd like to
1) suppress specific checkers (we already have an ongoing discussion at
D89638 <https://reviews.llvm.org/D89638>)
2) express summaries (mainly argument constraints)
3) express taint propagation rules for functions (or for global variables
like std::cin)
What if we had one attribute for CSA with a StringArgument?
(Actually, we already have that with the `annotate` attribute.)
So we'd have something like this:
1) [[clang::csa("supress.somecheck.somefunctionality")]]
2)
[[clang::csa("summary.std::fread.BufferSize.Buffer(0).BufSize(1).BufSizeMultiplier(2)")]]
3) [[clang::csa("taint.sink.myNamespace::mySink")]]
Disadvantages: we must process strings whenever a node has the 'csa' attr
attached, we have to come up with a "DSL".
Advantages: total flexibility.
I'd like to explore the possible approaches that we could have. For
example, Aaron suggested alternatively for the suppression:
[[clang::suppress("analyzer.somecheck.somefunctionality")]]
[[clang::suppress("compiler.warning.12345")]]
[[clang::suppress("tidy.check-name.whatever")]]
Thanks,
Gabor
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20201020/9a24bf16/attachment.html>
More information about the cfe-dev
mailing list