[cfe-dev] Clang 3.3 Checkers and Suppression?

Dean Sutherland dsutherland at cert.org
Thu Jun 6 07:27:11 PDT 2013 

Based on my past experience with static analysis on fielded (and often proprietary) code, I think it's quite important to have some supported way to write out-of-line annotations in an external file. Such annotations would then be processed as though they appear in the source code.  This is a crucial work-around for source bases where any change to the blessed source code requires very substantial review.  A few real-world examples include:
* safety-critical flight control software, where any change to either the source or the binary require a complete FAA safety audit of the entire system. They're understandably worried that people could die if you get things wrong.
* safety-critical software in DoD-land, which often has review requirements that are even more stringent than the FAA's. In these cases, they're worried that the *wrong* people may die if you get things wrong.
* mission-critical software in a wide variety of corporate settings. The stakes are lower, but the code owners are often nearly as resistant to modifications to existing code.

 I note, however, that it *must* be possible to restrict the annotations in such side-car files to only those that cannot effect the generated code -- static analysis annotations are a good example.  Projects like the examples I gave cannot risk unintended changes in their builds. (Yes, they could just remove the side-car files before building, but…)

Dean Sutherland



On Jun 5, 2013, at 11:44 PM, Jeffrey Walton <noloader at gmail.com> wrote:

> Hi All,
> 
> I'm working with a library that needs suppression rules added (it
> produced over 2GB of output with Peng and Regehr's IOC). The library
> maintainers probably won't go for source annotations
> (http://clang-analyzer.llvm.org/annotations.html).
> 
> Is there a way to have Clang output one warning for each offending
> statement (rather than generate output every time the offending
> statement is encountered)?
> 
> Is there a way to use an external suppression file?
> 
> Jeff
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

More information about the cfe-dev mailing list