[cfe-dev] Clang Static Analyzer: False Positive Suppression Support

Aditya K via cfe-dev cfe-dev at lists.llvm.org
Thu Aug 18 12:00:55 PDT 2016 

> My company has an implementation of comment suppression that we haven't tried to upstream yet.  It doesn't address all the issues you mentioned though.
> The general comment format is something like: // clang_sa_ignore [deadcode.DeadStores, cplusplus] plus whatever other text the user wants
> The comment must be on the same line as the last element in the path.  The line offset that you proposed seems like a reasonable extension.

> The comment only suppresses the diagnostic.  This happens well after all the path sensitive nodes have been created.  Stated differently, the comment suppression does not help the analyzer uncover new problems.
> One thing to note is that it isn't necessarily obvious which checker generated a warning, particularly when you only have the console output to work with.
>  So we changed our analyzer to also emit the category of any static analyzer warnings.
> I'll start some internal conversations and see if we can start getting some of those patches upstreamed.

Hi Ben,
It will be great to get that set of patches upstream. I wrote them a couple of years ago. Once they are upstreamed, I'll get a chance to improve it further. For example, having hash-based implementation is also useful in some cases
where the project is unwilling to go the comment-based (intrusive) route.


Thanks,
-Aditya


________________________________
From: cfe-dev <cfe-dev-bounces at lists.llvm.org> on behalf of Craig, Ben via cfe-dev <cfe-dev at lists.llvm.org>
Sent: Thursday, August 18, 2016 2:20 PM
To: cfe-dev at lists.llvm.org
Subject: Re: [cfe-dev] Clang Static Analyzer: False Positive Suppression Support


My company has an implementation of comment suppression that we haven't tried to upstream yet.  It doesn't address all the issues you mentioned though.

The general comment format is something like: // clang_sa_ignore [deadcode.DeadStores, cplusplus] plus whatever other text the user wants

The comment must be on the same line as the last element in the path.  The line offset that you proposed seems like a reasonable extension.

The comment only suppresses the diagnostic.  This happens well after all the path sensitive nodes have been created.  Stated differently, the comment suppression does not help the analyzer uncover new problems.

One thing to note is that it isn't necessarily obvious which checker generated a warning, particularly when you only have the console output to work with.  So we changed our analyzer to also emit the category of any static analyzer warnings.

I'll start some internal conversations and see if we can start getting some of those patches upstreamed.

On 8/18/2016 3:17 AM, Gábor Horváth via cfe-dev wrote:
Hi!

In the CodeChecker tool (https://github.com/Ericsson/codechecker) we support suppressing false positive bugs as a post processing step. After all the issues were reported, CodeChecker filters out the suppressed ones, and those will not be displayed to the user.
[https://avatars0.githubusercontent.com/u/4161311?v=3&s=400]<https://github.com/Ericsson/codechecker>

CodeChecker is a defect database and viewer extension for ...<https://github.com/Ericsson/codechecker>
github.com
codechecker - CodeChecker is a defect database and viewer extension for Clang Static Analyzer




In our experience, however, and external tool only suppression suppport is not sufficient for certian reasons:
* When a checker generates a sink node during analysis, the rest of the path will not be covered by the Static Analyzer. Unfortunately, if the user suppress the bug in an external tool, the coverage will not get better. This way false positive results can hide true positive results regardless of suppression.
* The compiler could do better job diagnosing ill formed suppressions (invalid source range, typo in checker name etc).
* Tools that are developed on top of the compiler need not to introduce their own customized solution for suppression.

It is beneficial to have a suppression format that is standard across all clang tools. So the same format could be used to:
* Suppress clang warnings
* Suppress clang static analyzer warnings
* Suppress clang tidy warnings

There are two main approaches to suppress warnings that I can think of right now:

Suppress using comments (or pragma):
* This is a good solution for code evolution. The comments are moving together with the code. Edits are less likely to invalidate comments.
* This is an intrusive solution, the source code needs to be changed to suppress an issue. This is both good, because the suppressions are version controlled and bad, because suppressing in 3rd party libraries might be problematic.
* For path sensitive checks, it is not always self evident at which point of the path should a suppression comment be added.


Suppress using hashes:
* It is hard to come up with a reliable hash to identify bugs. There always might be corner cases when the hashes of different bugs collide or the hash of a bug changes due to an edit that in fact should not affect the bug.
* It is non intrusive.
* The user do not need to think about at which point should the suppression comment be inserted.


I would suggest the suppress comment road.
The syntax could be something like:
// clang suppress warning-or-checker-name [optional line offset][optional column range] [comment]

The warning-or-checker-name could be a regex, so multiple checks can be suppressed at the same time.
Column ranges are useful when multiple errors are reported for the same line.
Line offsets are useful when one do not want to break the flow of a multi line code snippet with a comment, so this way warnings could be suppressed without too much negative effects on the readability.
Comment is for documentation purposes, the user can document why does she think that this is a false positive.

What do you think?

Regards,
Gábor







_______________________________________________
cfe-dev mailing list
cfe-dev at lists.llvm.org<mailto:cfe-dev at lists.llvm.org>
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev



--
Employee of Qualcomm Innovation Center, Inc.
Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, a Linux Foundation Collaborative Project

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20160818/6ce6ba8a/attachment.html>

More information about the cfe-dev mailing list