llvm/clang static analyzer reports
Maarten Hoes
hoes.maarten at gmail.com
Thu Oct 1 12:20:08 UTC 2020
Hi,
On Thu, Oct 1, 2020 at 8:59 AM Stephan Bergmann <sbergman at redhat.com> wrote:
We would need some mechanism to filter
> out such identified false positives, with whatever mechanism would be
> suitable: an annotation in the source code, a modification of the
> -analyzer-... command line options passed to clang, etc. However, that
> filtering should be done in an auditable way, so that we can later
> discover that we are filtering false positives relating to a certain
> location in the code, and can learn the rationale why those were
> considered false positives. (Something that can be a pain with the way
> we use Coverity Scan, see below.)
>
I briefly looked at the documentation [1] and faq [2], and to me it looks
like although you can do some things to ignore / filter out specific
issues, I cannot tell if this is what you are looking for. Perhaps it's
best if I leave that up to people who actually know what they're talking
about :).
With the analyzer commandline options, it looks like you can disable entire
classes of checks with the '-disable-checker' option, but that would mean
that the check is disabled for the entire codebase, which probably isn't
what you are looking for.
[1]
https://clang-analyzer.llvm.org/annotations.html
[2]
https://clang-analyzer.llvm.org/faq.html
> From a quick look at the list, I see instances of all of: clearly true
> positives, clearly false positives, and unclear findings.
>
So, does that mean that it might be a useful tool, or are there simply too
many false positives to be of any help ?
- Maarten
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice/attachments/20201001/55ad07d7/attachment.htm>
More information about the LibreOffice
mailing list