[cfe-dev] Clang: Suppress static analysis of system header files
Jordan Rose
jordan_rose at apple.com
Mon Oct 1 08:58:58 PDT 2012
By default, the analyzer does not analyze code in ANY headers, system or otherwise, with the idea that you don't want to see warnings in every file that includes the header. The exception to this rule is inlined functions that come from headers, and in that case you definitely do not want to ignore the header!
Yes, this could lead to the analyzer reporting issues that really are the headers' fault, but as Anna said it's just as likely that it's the caller's fault. Consider this hypothetical addition to string.h:
    int isempty(const char *str) {
        return str[0] == '\0';
    }
If you call this function with a null pointer, the analyzer will warn about it as a null dereference, but the problem is really the caller. And if you compiled and ran the program, it would indeed crash! So there is definitely value from warning here.
If you have an existing, concrete example (as in, you can attach the HTML file or an Xcode screenshot), then please file a bug at http://llvm.org/bugs/, but otherwise it seems difficult to have a meaningful discussion here.
Best,
Jordan
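
Added example, not part of the original message or of Clang: the hypothetical isempty() above as a header-style inline function, next to a caller that hands it a possibly-null pointer and a corrected caller. The setting table, find_setting() and both setting_is_blank* functions are assumptions made up for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Stands in for the hypothetical string.h addition from the message:
 * a header-defined function that the analyzer inlines at each call site. */
static inline int isempty(const char *str) {
    return str[0] == '\0';   /* a null 'str' is dereferenced on this line */
}

/* Hypothetical lookup table and helper: returns NULL when the key is absent. */
struct setting { const char *key; const char *value; };

static const char *find_setting(const struct setting *tbl, size_t n,
                                const char *key) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(tbl[i].key, key) == 0)
            return tbl[i].value;
    return NULL;
}

/* Caller at fault: the possibly-NULL result goes straight into isempty().
 * The dereference is in the header function, but the missing check is here. */
int setting_is_blank_unchecked(const struct setting *tbl, size_t n,
                               const char *key) {
    return isempty(find_setting(tbl, n, key));
}

/* Corrected caller: the NULL case is handled before the inlined call, so no
 * path reaches isempty() with a null pointer. Returns -1 if the key is absent. */
int setting_is_blank(const struct setting *tbl, size_t n, const char *key) {
    const char *v = find_setting(tbl, n, key);
    if (v == NULL)
        return -1;
    return isempty(v);
}

/* Constructed sample data. */
static const struct setting SAMPLE[] = {
    { "name", "clang" },
    { "suffix", "" },
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])
```

Running clang --analyze on a file containing this code exercises the case discussed above: the dereference sits in isempty(), while the fix belongs in the caller.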
On Oct 1, 2012, at 0:44 , Jean-Daniel Dupas <devlists at shadowlab.org> wrote:
> Is adding a new flag required? Clang already suppresses some warnings in system headers.
>
> Isn't it possible to use the same information to skip such headers in your "FunctionNameChecker" analysis?
>
> On Oct 1, 2012, at 06:38, Sujit Kamthe <Sujit.Kamthe at kpitcummins.com> wrote:
>
>> Hi Anna,
>> Let’s say I have implemented a static analysis check “FunctionNameChecker” which checks for the length of the function name and reports a violation if it is less than 3.
>> e.g. int do() will report a violation.
>>
>> If there are any such functions in system headers like ‘stdio.h’, ‘conio.h’ etc., they should not be reported as violations just because the header files are being referred to in source code; otherwise it creates a long list of diagnostics which is not very useful.
>> On the other side if I have written my own header files and if I am referring those header files in my source code then any such violation should be reported.
>>
>> That’s the reason I think there should be two options to specify header files (includes).
>> One for user written includes and another for system header includes.
>>
>>
>> Regards,
>> Sujit Kamthe
>> BuildBox|KPITCummins Infosystems Ltd|Extn:3102 |Mobile:7709076120
>>
>> From: Anna Zaks [mailto:ganna at apple.com]
>> Sent: Friday, September 28, 2012 10:45 PM
>> To: Sujit Kamthe
>> Cc: Clang Developers; Jordan Rose; Ted Kremenek; Snehal Sable
>> Subject: Re: [cfe-dev] Clang: Suppress static analysis of system header files
>>
>> Sujit,
>>
>> Can you provide us with an example that requires this option? Often warnings reported in the system headers are due to errors in user code.
>>
>> Anna.
>>
>> On Sep 28, 2012, at 12:31 AM, Sujit Kamthe <Sujit.Kamthe at kpitcummins.com> wrote:
>>
>>
>> Hi Anna,
>> I want to suppress warnings for all the system header files which are referred e.g. stdio.h
>> It will be better if we have a flag to specify system header files in include path and all the files specified by this flag should be ignored.
>>
>> e.g. clang --analyze -systemIncludes "C:\Program Files\Microsoft Visual Studio 10.0\VC\include" -I "<Normal Headers>" test.c
>> Here include files specified by SystemIncludes flag can be ignored from generating static analysis warnings if it is being referred in some source file but warnings will be generated for files which are specified using -I flag
>>
>> Regards,
>> Sujit Kamthe
>> BuildBox|KPITCummins Infosystems Ltd|Extn:3102 |Mobile:7709076120
>>
>> From: Anna Zaks [mailto:ganna at apple.com]
>> Sent: Friday, September 28, 2012 12:33 PM
>> To: Sujit Kamthe
>> Cc: Clang Developers; Jordan Rose; Ted Kremenek
>> Subject: Re: [cfe-dev] Clang: Suppress static analysis of system header files
>>
>> Hi Sujit,
>>
>> Currently there is no such option. Since the static analyzer performs path-sensitive checking, the underlying reason for an analyzer warning may not be at the line/file where the error is reported.
>>
>> What is your use case for suppressing warnings in system/specified headers? Is there a particular warning you are trying to suppress?
>>
>> Thanks,
>> Anna.
>>
>> On Sep 27, 2012, at 5:14 AM, Sujit Kamthe wrote:
>>
>>
>>
>> Hi,
>> Is there any flag or option which suppresses static analyzer warnings for system or specified header files?
>>
>> Regards,
>> Sujit Kamthe
>>
>> Productivity & FE | Automotive and Engineering SBU | KPITCummins Infosystems Ltd|Board: +91 20 66525000 | Extn:3102 |Mobile:7709076120
>>
>>
>> This message contains information that may be privileged or confidential and is the property of the KPIT Cummins Infosystems Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Cummins Infosystems Ltd. does not accept any liability for virus infected mails. _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>
> -- Jean-Daniel