llvm/clang static analyzer reports

Maarten Hoes hoes.maarten at gmail.com
Thu Oct 1 12:20:08 UTC 2020


Hi,

On Thu, Oct 1, 2020 at 8:59 AM Stephan Bergmann <sbergman at redhat.com> wrote:

> We would need some mechanism to filter
> out such identified false positives, with whatever mechanism would be
> suitable: an annotation in the source code, a modification of the
> -analyzer-... command line options passed to clang, etc.  However, that
> filtering should be done in an auditable way, so that we can later
> discover that we are filtering false positives relating to a certain
> location in the code, and can learn the rationale why those were
> considered false positives.  (Something that can be a pain with the way
> we use Coverity Scan, see below.)
>

I briefly looked at the documentation [1] and FAQ [2], and to me it looks
like although you can do some things to ignore / filter out specific
issues, I cannot tell if this is what you are looking for. Perhaps it's
best if I leave that up to people who actually know what they're talking
about :).

With the analyzer command-line options, it looks like you can disable entire
classes of checks with the '-disable-checker' option, but that would mean
that the check is disabled for the entire codebase, which probably isn't
what you are looking for.

[1]
https://clang-analyzer.llvm.org/annotations.html

[2]
https://clang-analyzer.llvm.org/faq.html


> From a quick look at the list, I see instances of all of: clearly true
> positives, clearly false positives, and unclear findings.
>

So, does that mean that it might be a useful tool, or are there simply too
many false positives to be of any help?


- Maarten
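The two in-source suppression mechanisms the annotations page [1] and FAQ [2] document are the `__attribute__((analyzer_noreturn))` attribute and the `__clang_analyzer__` macro, which is only defined while the static analyzer is running. The snippet below is an added example, not code from the thread or from LibreOffice, showing how each can be used while keeping the filtering auditable in the way Stephan asks for: every suppression sits next to a comment stating the finding it silences and why it is considered a false positive. The `fatal()`, `check_or_die()` and `checked_sum()` functions and the `ANALYZER_NORETURN` wrapper macro are constructed for this illustration.

```c
/* Added example: auditable suppression of clang static analyzer false
 * positives using the documented in-source mechanisms. Nothing here is
 * LibreOffice code; all function names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* analyzer_noreturn is a clang-specific attribute; fall back to nothing on
 * other compilers so the same source still builds everywhere. */
#if defined(__clang__)
#define ANALYZER_NORETURN __attribute__((analyzer_noreturn))
#else
#define ANALYZER_NORETURN
#endif

/* Project-style fatal-error handler. It never returns (abort()), but the
 * analyzer cannot see that through the logging indirection in a real
 * project, so it would otherwise continue analysing the path after the
 * call with buf == NULL and report a null dereference in check_or_die().
 * SUPPRESSION RATIONALE: false positive, fatal() always aborts. */
ANALYZER_NORETURN
static void fatal(const char *msg)
{
    fprintf(stderr, "fatal: %s\n", msg);
    abort();
}

/* Returns 1 if the buffer is usable, 0 if its first element is negative.
 * Aborts via fatal() on a NULL buffer. */
static int check_or_die(const int *buf)
{
    if (buf == NULL)
        fatal("buffer is NULL");
    /* Safe: fatal() is annotated, so the analyzer knows buf != NULL here. */
    return buf[0] >= 0;
}

/* Sums n elements; returns -1 when check_or_die() rejects the buffer. */
static int checked_sum(const int *buf, size_t n)
{
    int sum = 0;
    if (!check_or_die(buf))
        return -1;
    for (size_t i = 0; i < n; i++)
        sum += buf[i];
#ifdef __clang_analyzer__
    /* Second mechanism: code visible only to the analyzer. An assertion
     * here documents an invariant the analyzer could not prove on its own
     * (the analyzer honours assert() as a path constraint) without adding
     * any runtime cost to shipped builds.
     * SUPPRESSION RATIONALE: n is bounded by the caller, so sum cannot be
     * used uninitialised on any real path. */
    assert(n == 0 || sum != 0 || buf[0] == 0);
#endif
    return sum;
}

int main(void)
{
    const int data[] = {1, 2, 3};
    printf("sum = %d\n", checked_sum(data, 3));  /* prints "sum = 6" */
    return 0;
}
```

The point of the `SUPPRESSION RATIONALE` comments is the auditability the thread asks for: a later `grep` for that marker lists every place where a report was silenced, together with the reasoning, which is exactly the information that is hard to recover from a suppression kept only in an external tool's dashboard.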