[cfe-dev] [analyzer][RFC] Attribute(s) to enhance/configure the analysis

Gábor Márton via cfe-dev cfe-dev at lists.llvm.org
Tue Oct 20 08:38:05 PDT 2020


My example is a bit flawed, so it could look like this:

1)
[[clang::csa("supress.somecheck.somefunctionality")]] void foo();

2)
[[clang::csa("summary.BufferSize.Buffer(0).BufSize(1).BufSizeMultiplier(2)")]]
std::size_t fread( void* buffer, std::size_t size, std::size_t count,
std::FILE* stream );

3)
namespace myNamespace {
[[clang::csa("taint.sink")]]
void mySink(int x);
} // myNamespace

On Tue, Oct 20, 2020 at 5:34 PM Gábor Márton <martongabesz at gmail.com> wrote:

> Hi,
>
> There is an evolving need to configure the Clang Static Analyzer within
> the analyzed source code itself. We'd like to
> 1) suppress specific checkers (we already have an ongoing discussion at
> D89638 <https://reviews.llvm.org/D89638>)
> 2) express summaries (mainly argument constraints)
> 3) express taint propagation rules for functions (or for global variables
> like std::cin)
>
> What if we had one attribute for CSA with a StringArgument?
> (Actually, we already have that with the `annotate` attribute.)
>
> So we'd have something like this:
> 1) [[clang::csa("supress.somecheck.somefunctionality")]]
> 2)
> [[clang::csa("summary.std::fread.BufferSize.Buffer(0).BufSize(1).BufSizeMultiplier(2)")]]
> 3) [[clang::csa("taint.sink.myNamespace::mySink")]]
>
> Disadvantages: we must process strings whenever a node has the 'csa' attr
> attached, we have to come up with a "DSL".
> Advantages: total flexibility.
>
> I'd like to explore the possible approaches that we could have. For
> example, Aaron suggested alternatively for the suppression:
> [[clang::suppress("analyzer.somecheck.somefunctionality")]]
> [[clang::suppress("compiler.warning.12345")]]
> [[clang::suppress("tidy.check-name.whatever")]]
>
> Thanks,
> Gabor
>
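Added example (not part of the original mail, and not Clang code): a sketch of the string processing the "Disadvantages" line refers to, parsing the proposed `csa` strings shown above. The grammar is an assumption inferred from those strings, and `CsaSegment`, `CsaAnnotation` and `parseCsa` are hypothetical names.

```cpp
// Assumed grammar: '.'-separated segments, each optionally "Name(N)".
#include <cctype>
#include <optional>
#include <string>
#include <vector>

struct CsaSegment {
  std::string name;            // "Buffer", "sink", "myNamespace::mySink", ...
  std::optional<unsigned> arg; // N from "Name(N)", if present
};
struct CsaAnnotation {
  std::string kind;                 // first segment: "summary", "taint", ...
  std::vector<CsaSegment> segments; // everything after the kind
};
// Parses one segment; rejects empty names, stray parentheses, non-digit args.
static std::optional<CsaSegment> parseSegment(const std::string &s) {
  if (s.empty()) return std::nullopt;
  std::size_t open = s.find('(');
  if (open == std::string::npos) {
    if (s.find(')') != std::string::npos) return std::nullopt;
    return CsaSegment{s, std::nullopt};
  }
  if (open == 0 || s.back() != ')' || open + 2 > s.size() - 1) return std::nullopt;
  unsigned value = 0;
  for (std::size_t i = open + 1; i + 1 < s.size(); ++i) {
    if (!std::isdigit(static_cast<unsigned char>(s[i])) || value > 1000)
      return std::nullopt; // also bounds the index so it cannot overflow
    value = value * 10 + static_cast<unsigned>(s[i] - '0');
  }
  return CsaSegment{s.substr(0, open), value};
}

// Returns the parsed annotation, or nullopt if the string is malformed.
std::optional<CsaAnnotation> parseCsa(const std::string &text) {
  CsaAnnotation out;
  std::size_t start = 0;
  for (bool first = true;; first = false) {
    std::size_t dot = text.find('.', start);
    auto len = dot == std::string::npos ? dot : dot - start;
    auto seg = parseSegment(text.substr(start, len));
    if (!seg) return std::nullopt;
    if (first && seg->arg) return std::nullopt; // the kind takes no argument
    if (first) out.kind = seg->name; else out.segments.push_back(*seg);
    if (dot == std::string::npos) break;
    start = dot + 1;
  }
  if (out.segments.empty()) return std::nullopt; // need "kind.something"
  return out;
}
```

A malformed string yields `nullopt`, so a caller can report a diagnostic rather than silently ignoring a mistyped annotation.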