llvm/clang static analyzer reports
hoes.maarten at gmail.com
Thu Oct 1 12:20:08 UTC 2020
On Thu, Oct 1, 2020 at 8:59 AM Stephan Bergmann <sbergman at redhat.com> wrote:
> We would need some mechanism to filter
> out such identified false positives, with whatever mechanism would be
> suitable: an annotation in the source code, a modification of the
> -analyzer-... command line options passed to clang, etc. However, that
> filtering should be done in an auditable way, so that we can later
> discover that we are filtering false positives relating to a certain
> location in the code, and can learn the rationale why those were
> considered false positives. (Something that can be a pain with the way
> we use Coverity Scan, see below.)
I briefly looked at the documentation and faq, and to me it looks
like although you can do some things to ignore / filter out specific
issues, I cannot tell if this is what you are looking for. Perhaps it's
best if I leave that up to people who actually know what they're talking
With the analyzer commandline options, it looks like you can disable entire
classes of checks with the '-disable-checker' option, but that would mean
that the check is disabled for the entire codebase, which probably isn't
what you are looking for.
> From a quick look at the list, I see instances of all of: clearly true
> positives, clearly false positives, and unclear findings.
So, does that mean that it might be a useful tool, or are there simply too
many false positives to be of any help?
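
An added example (not part of the original message, and not code from clang or from the project under discussion): one way to meet the auditability requirement in the quoted text is a reviewed suppression list applied to the analyzer's findings after the run, so every hidden finding keeps its location and rationale. The record format, function names and sample paths are assumptions made for illustration; the checker names are existing clang static analyzer checkers.

```python
from collections import namedtuple

# A finding is keyed by file, checker and enclosing function; the function
# name is used instead of a line number because it survives unrelated edits.
Finding = namedtuple("Finding", "path checker function message")
Suppression = namedtuple("Suppression", "path checker function reviewer rationale")

def load_suppressions(text):
    """Parse 'path|checker|function|reviewer|rationale'; every field is mandatory."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("|", 4)]
        if len(fields) != 5 or not all(fields):
            raise ValueError(f"line {lineno}: reviewer and rationale are required")
        entries.append(Suppression(*fields))
    return entries

def triage(findings, suppressions):
    """Return (open findings, audit trail, suppressions that matched nothing)."""
    index = {(s.path, s.checker, s.function): s for s in suppressions}
    open_findings, audit, used = [], [], set()
    for f in findings:
        key = (f.path, f.checker, f.function)
        if key in index:
            audit.append((f, index[key]))  # keep who/why beside each hidden finding
            used.add(key)
        else:
            open_findings.append(f)
    # Unused entries point at code that changed or a bug that was fixed.
    stale = [s for k, s in index.items() if k not in used]
    return open_findings, audit, stale

# Constructed sample data: paths, functions and reviewer names are placeholders.
SUPPRESSIONS = """
# path|checker|function|reviewer|rationale
example/a.cxx|core.NullDereference|loadDoc|reviewer-a|pointer checked by caller
example/old.cxx|deadcode.DeadStores|gone|reviewer-b|store kept for debugger
"""
FINDINGS = [
    Finding("example/a.cxx", "core.NullDereference", "loadDoc", "null deref"),
    Finding("example/b.cxx", "core.NullDereference", "saveDoc", "null deref"),
]
```

Keeping the suppression list in version control gives the history of who filtered what and why, and the stale list shows entries that can be deleted.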