[cfe-dev] RFC clang analyzer false positives (for loop)

[Artem Dergachev via cfe-dev]

On 8/26/16 7:36 PM, Jonathan Roelofs wrote:
> On 8/26/16 10:05 AM, Mehdi Amini via cfe-dev wrote:
>>
>> Couldn’t there be a “mode” where the analyzer would only report when
>> it finds a patch where the condition happens. I.e. instead of
>> considering “I don’t know what is the possible value for nr so I
>> complain about a possible error”, having the alternate behavior of “I
>> know that there is a path where nr can be <= 0 and the loop not
>> executed so I complain”.
>
> I think it would be very useful, even if only to explain what 
> assumptions the analyzer made when it came to that conclusion. I bet 
> that would make it easier to "correct" those assumptions via 
> assertions, when you see that it thinks something could happen that 
> you happen to know is never true.
>
The analyzer does - or at least tries its best to - explain all the 
assumptions it takes (in -analyzer-output=text or -analyzer-output=html 
or -analyzer-output=plist, which includes all known/sensible use cases). 
This system is being improved, but it's already pretty good. Also, the 
analyzer tries to skip some assuming-path-pieces that are probably 
useless, but even that can be avoided with "-analyzer-config 
prune-paths=false".