[PATCH] D122143: [clang][dataflow] Add support for disabling warnings on smart pointers.

Mon Mar 21 09:12:16 PDT 2022

xazax.hun added a comment.

In D122143#3396695 <https://reviews.llvm.org/D122143#3396695>, @ymandel wrote:

> So, do you mean to add a FIXME to move to allowlist, or do you mean to hold off until we've switched? I have a short-term interest in getting this through for a particular usecase, but I understand if you feel it just not a good idea. Regardless, I'm going to get started exploring an allowlist approach.

I see the precedent of FIXMEs getting followed up in this effort, so I'm fine with a FIXME for now :)

>> (or alternatively, we could add a confidence value to the unsafe access). Usually, these checks are pretty robust when we deal with objects on the stack of the analyzed function (locals, parameters), but it is really hard to reason about objects from the outside (e.g., when a reference to an object is acquired from a container or smart pointer) unless we have explicit modeling for the APIs. The confidence approach might be useful as we are unlikely to cover all the custom smart pointers the users have.
>
> This idea sounds useful, but I'm not really sure how it would play out. I suppose we'd then let the user set a confidence level for diagnostics (like logging level?). Regardless, I think for a first attempt, I'd rather go with binary yes/no. But interested in exploring this approach.

Some tools I worked with will have separate warnings for high and low confidence reports, so users can chose to enable both or only one of them. It can be useful when different users have different expectations, e.g., some thinks of it like verification of a safety property and willing to make changes to make the tool happy while others would think of it as a bug finding tool and would be annoyed by false positives.

Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D122143/new/

https://reviews.llvm.org/D122143