[cfe-dev] Clang: Suppress static analysis of system header files

Matthieu Monrocq matthieu.monrocq at gmail.com
Mon Oct 8 11:22:46 PDT 2012


You should probably special case unnamed parameters in your analysis.
Though it's not the core of the problem, I agree.

-- Matthieu

On Mon, Oct 8, 2012 at 10:21 AM, Sujit Kamthe
<Sujit.Kamthe at kpitcummins.com> wrote:
> Hi Jordan,
>
> I have written a ShortFunctionNameChecker.
> Find the code below.
> -------------------------------------------------------------------------------
>
>
>
> //=== ShortVariableNameChecker.cpp -------------------------------*- C++ -*-===//
> // Author: Sujit Kamthe
> // Date: 5-June-2012
> //
> //===----------------------------------------------------------------------===//
> //
> // This defines ShortVariableNameChecker, which reports a warning for short
> // variable names. A variable name should not be shorter than 2 characters.
> //
> //===----------------------------------------------------------------------===//
>
> #include "ClangSACheckers.h"
> #include "clang/StaticAnalyzer/Core/Checker.h"
> #include "clang/StaticAnalyzer/Core/CheckerManager.h"
> #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
> #include "clang/StaticAnalyzer/Core/PathSensitive/ObjCMessage.h"
> #include "llvm/ADT/StringSwitch.h"
> #include <cstdarg>
> #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
> #include <cstdio>
>
> using namespace clang;
> using namespace ento;
> using namespace check;
>
> namespace {
>
> class ShortVariableNameChecker : public Checker<check::ASTDecl<VarDecl> > {
> public:
>   mutable AnalysisDeclContext *AC;
>   mutable OwningPtr<BuiltinBug> BT;
>   static const int MIN_LENGTH = 2;
>
> public:
>   void checkASTDecl(const VarDecl *VD, AnalysisManager &mgr,
>                     BugReporter &BR) const;
> };
>
> }
>
> void ShortVariableNameChecker::checkASTDecl(const VarDecl *VD,
>                                             AnalysisManager &mgr,
>                                             BugReporter &BR) const {
>   // StringRef data is not guaranteed to be NUL-terminated, so take the
>   // length from size() instead of calling strlen() on data().
>   size_t varNameLen = VD->getName().size();
>
>   if (varNameLen < static_cast<size_t>(MIN_LENGTH)) {
>     PathDiagnosticLocation loc =
>         PathDiagnosticLocation::create(VD, BR.getSourceManager());
>
>     // Bounded formatting: never write past the end of the buffer.
>     char message[100];
>     snprintf(message, sizeof(message),
>              "Variable name cannot be less than %d characters long",
>              MIN_LENGTH);
>     if (!BT)
>       BT.reset(new BuiltinBug(message));
>
>     // Generate a report for this bug.
>     BugReport *R = new BugReport(*BT, BT->getName(), loc);
>     BR.EmitReport(R);
>   }
> }
>
> void ento::registerShortVariableNameChecker(CheckerManager &mgr) {
>   mgr.registerChecker<ShortVariableNameChecker>();
> }
>
>
>
> ---------------------------------------------------------------------------------------------------
>
> This code reports violations in Header file
> e.g.
> C:\Program Files\Microsoft Visual Studio 10.0\VC\include\conio.h:54:43: warning:
>
>       Variable name cannot be less than 2 characters long
> unsigned long __cdecl _inpd(unsigned short);
>                                           ^
>
> Caret position is being shown after unsigned int.
>
>
> Regards,
> Sujit Kamthe
> BuildBox|KPITCummins Infosystems Ltd|Extn:3102 |Mobile:7709076120
>
> -----Original Message-----
> From: Jordan Rose [mailto:jordan_rose at apple.com]
> Sent: Monday, October 01, 2012 9:29 PM
> To: Sujit Kamthe
> Cc: Jean-Daniel Dupas; Clang Developers
> Subject: Re: [cfe-dev] Clang: Suppress static analysis of system header files
>
> By default, the analyzer does not analyze code in ANY headers, system or otherwise, with the idea that you don't want to see warnings in every file that includes the header. The exception to this rule is inlined functions that come from headers, and in that case you definitely do not want to ignore the header!
>
> Yes, this could lead to the analyzer reporting issues that really are the headers' fault, but as Anna said it's just as likely that it's the caller's fault. Consider this hypothetical addition to string.h:
>
> int isempty(const char *str) {
>   return str[0] == '\0';
> }
>
> If you call this function with a null pointer, the analyzer will warn about it as a null dereference, but the problem is really the caller. And if you compiled and ran the program, it would indeed crash! So there is definitely value from warning here.
>
> If you have an existing, concrete example (as in, you can attach the HTML file or an Xcode screenshot), then please file a bug at http://llvm.org/bugs/, but otherwise it seems difficult to have a meaningful discussion here.
>
> Best,
> Jordan
>
>
> On Oct 1, 2012, at 0:44 , Jean-Daniel Dupas <devlists at shadowlab.org> wrote:
>
>> Is adding a new flag required? Clang already suppresses some warnings in system headers.
>>
>> Isn't it possible to use the same information to skip such headers in your "FunctionNameChecker" analysis?
>>
>> On Oct 1, 2012, at 06:38, Sujit Kamthe <Sujit.Kamthe at kpitcummins.com> wrote:
>>
>>> Hi Anna,
>>> Let's say I have implemented a static analysis check "FunctionNameChecker" which checks for the length of the function name and reports a violation if it is less than 3.
>>> e.g. int do() will report a violation.
>>>
>>> If there are any such functions in system headers like 'stdio.h', 'conio.h', etc., they should not be reported as violations just because the header files are being referred to in source code; otherwise it creates a long list of diagnostics which is not very useful.
>>> On the other side, if I have written my own header files and I am referring to those header files in my source code, then any such violation should be reported.
>>>
>>> That's the reason I think there should be two options to specify header files (includes).
>>> One for user written includes and another for system header includes.
>>>
>>>
>>> Regards,
>>> Sujit Kamthe
>>> BuildBox|KPITCummins Infosystems Ltd|Extn:3102 |Mobile:7709076120
>>>
>>> From: Anna Zaks [mailto:ganna at apple.com]
>>> Sent: Friday, September 28, 2012 10:45 PM
>>> To: Sujit Kamthe
>>> Cc: Clang Developers; Jordan Rose; Ted Kremenek; Snehal Sable
>>> Subject: Re: [cfe-dev] Clang: Suppress static analysis of system
>>> header files
>>>
>>> Sujit,
>>>
>>> Can you provide us with an example that requires this option? Often warnings reported in the system headers are due to errors in user code.
>>>
>>> Anna.
>>>
>>> On Sep 28, 2012, at 12:31 AM, Sujit Kamthe <Sujit.Kamthe at kpitcummins.com> wrote:
>>>
>>>
>>> Hi Anna,
>>> I want to suppress warnings for all the system header files which are referred to, e.g. stdio.h. It will be better if we have a flag to specify system header files in the include path, and all the files specified by this flag should be ignored.
>>>
>>> e.g. clang --analyze  -systemIncludes "C:\Program Files\Microsoft Visual Studio 10.0\VC\include" -I "<Normal Headers>" test.c
>>>
>>> Here, include files specified by the SystemIncludes flag can be ignored from generating static analysis warnings if they are referred to in some source file, but warnings will be generated for files which are specified using the -I flag.
>>>
>>> Regards,
>>> Sujit Kamthe
>>> BuildBox|KPITCummins Infosystems Ltd|Extn:3102 |Mobile:7709076120
>>>
>>> From: Anna Zaks [mailto:ganna at apple.com]
>>> Sent: Friday, September 28, 2012 12:33 PM
>>> To: Sujit Kamthe
>>> Cc: Clang Developers; Jordan Rose; Ted Kremenek
>>> Subject: Re: [cfe-dev] Clang: Suppress static analysis of system
>>> header files
>>>
>>> Hi Sujit,
>>>
>>> Currently there is no such option. Since the static analyzer performs path-sensitive checking, the underlying reason for an analyzer warning may not be at the line/file where the error is reported.
>>>
>>> What is your use case for suppressing warnings in system/specified headers? Is there a particular warning you are trying to suppress?
>>>
>>> Thanks,
>>> Anna.
>>>
>>> On Sep 27, 2012, at 5:14 AM, Sujit Kamthe wrote:
>>>
>>>
>>>
>>> Hi,
>>> Is there any flag or option which suppresses static analyzer warnings for system or specified header files?
>>>
>>> Regards,
>>> Sujit Kamthe
>>>
>>> Productivity & FE | Automotive and Engineering SBU | KPITCummins
>>> Infosystems Ltd|Board: +91 20 66525000 | Extn:3102 |Mobile:7709076120
>>>
>>>
>>> This message contains information that may be privileged or
>>> confidential and is the property of the KPIT Cummins Infosystems Ltd.
>>> It is intended only for the person to whom it is addressed. If you
>>> are not the intended recipient, you are not authorized to read,
>>> print, retain copy, disseminate, distribute, or use this message or
>>> any part thereof. If you receive this message in error, please notify
>>> the sender immediately and delete all copies of this message. KPIT
>>> Cummins Infosystems Ltd. does not accept any liability for virus
>>> infected mails. _______________________________________________
>>> cfe-dev mailing list
>>> cfe-dev at cs.uiuc.edu
>>> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
>>
>> -- Jean-Daniel

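Added example, not part of the original thread or of Clang: a post-filter over analyzer output that applies the semantics Sujit asks for, dropping diagnostics located under a "system" include directory while keeping those from user headers and sources. The function names, the `SYSTEM_DIRS` list and the sample output (including the `C:\work\app` and `src\test.c` paths) are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# A diagnostic starts with <path>:<line>:<col>: warning|error: ...
# The path may contain a colon itself (Windows drive letter), so the
# match is anchored on the numeric line/column fields that follow it.
DIAG_RE = re.compile(r"^(?P<path>.+?):\d+:\d+:\s*(?:warning|error):")

# Assumption: directories to treat as system include roots.
SYSTEM_DIRS = [r"C:\Program Files\Microsoft Visual Studio 10.0\VC\include"]

# Constructed sample output in the format shown in the thread.
SAMPLE = r"""C:\Program Files\Microsoft Visual Studio 10.0\VC\include\conio.h:54:43: warning: Variable name cannot be less than 2 characters long
unsigned long __cdecl _inpd(unsigned short);
                                          ^
C:\work\app\include\util.h:12:9: warning: Variable name cannot be less than 2 characters long
    int n;
        ^
src\test.c:7:7: warning: Variable name cannot be less than 2 characters long
  int i = 0;
      ^
"""

def _parts(path):
    # Windows paths compare case-insensitively; accept / and \ separators.
    return tuple(p.lower() for p in PureWindowsPath(path).parts)

def in_system_dir(path, system_dirs):
    parts = _parts(path)
    return any(len(parts) > len(root) and parts[:len(root)] == root
               for root in map(_parts, system_dirs))

def split_diagnostics(text):
    """Group output into (path, lines) blocks. Snippet, caret and note
    lines stay attached to the warning or error that precedes them."""
    blocks = []
    for line in text.splitlines():
        match = DIAG_RE.match(line)
        if match:
            blocks.append((match.group("path"), [line]))
        elif blocks:
            blocks[-1][1].append(line)
    return blocks

def filter_user_diagnostics(text, system_dirs):
    kept = [lines for path, lines in split_diagnostics(text)
            if not in_system_dir(path, system_dirs)]
    return "\n".join("\n".join(lines) for lines in kept)

if __name__ == "__main__":
    print(filter_user_diagnostics(SAMPLE, SYSTEM_DIRS))
```

As Anna's and Jordan's replies point out, a path-sensitive warning located in a header can be caused by the caller, so a location-based filter like this suits AST-level style checks such as the one in the thread.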