[cfe-dev] [analyzer][RFC] Attribute(s) to enhance/configure the analysis
Valeriy Savchenko via cfe-dev
cfe-dev at lists.llvm.org
Tue Oct 20 13:11:52 PDT 2020
I totally agree with everything you said!
I just want to add something that I think was not very clear from my previous email. The existing “suppress” attribute is a statement attribute, which gives it a very fine level of granularity.
> On 20 Oct 2020, at 23:06, Gábor Horváth <xazax.hun at gmail.com> wrote:
> Speaking of suppressions, in an ideal world the user would never need that. I.e. when the analyzer misunderstands the code, the user would be able to add an assert or rewrite the code slightly and the result would be easier to understand both for humans and the analyzer. Unfortunately, this is not the case. We do have false positives when there is no clear way of rewriting the code or adding asserts to make the warning disappear. While it is useful to have an annotation for those cases, there are also some risks involved. Such an annotation can bitrot and redundant annotations can linger even after the code is changed or the analyzer is improved. Those annotations can suppress true positive results. Moreover, users might start to rely on those annotations instead of trying to make the code clearer first, amplifying the effects I mentioned earlier.
> I think an ideal suppress annotation would:
> * be applicable to a wide range of scopes, not just function scope
> * have clear documentation indicating this is the last resort and refer to some guidelines how to suppress false positives by improving the code
> * come with an easy mechanism to check whether the annotation makes any difference, so we can easily get rid of redundant ones
> * come with an easy mechanism to check how many issues are suppressed by the same annotation (or even expect the user to specify this number as an argument and warn if that does not match the reality?)
> We could also warn for checks when we do believe rewriting the code in a cleaner way should always be possible. I think overall those problems that would require the use of suppression annotations should be treated as a high priority.
More information about the cfe-dev