Clang Static Analyzer: add support for full path/flow to a given issue #1707
Comments
I have a working solution on my desk which I'm about to upload shortly.
Hi @romanek-adam, we are interested to see your solution. Regards,
romanek-adam pushed a commit to LibertyGlobal/sonar-cxx that referenced this issue Apr 16, 2019
romanek-adam pushed a commit to LibertyGlobal/sonar-cxx that referenced this issue Apr 16, 2019
romanek-adam pushed a commit to LibertyGlobal/sonar-cxx that referenced this issue Apr 17, 2019
Hi @guwirth,
@romanek-adam yes, see comments there.
romanek-adam pushed a commit to LibertyGlobal/sonar-cxx that referenced this issue Apr 19, 2019
romanek-adam pushed a commit to LibertyGlobal/sonar-cxx that referenced this issue Apr 23, 2019
romanek-adam pushed a commit to LibertyGlobal/sonar-cxx that referenced this issue Apr 24, 2019
ClangStaticAnalyzer is good at finding issues which involve a certain path in code, with given constraints and values of particular variables. Its HTML reports visualize the full path from the start to the final location, showing all the intermediate steps and the assumptions taken. The path and conditions are very often critical to understand why CSA reports a given issue. Without them one can easily judge CSA for reporting a false positive, while in fact the issue is there, but the conditions are non-obvious. Currently sonar-cxx only reports the final location of a given issue. This PR addresses this shortcoming and closes the gap to CSA's HTML reports. With this PR SonarQube is now able to present the full path to a given issue, which provides similar UX to CSA's HTML reports. Closes SonarOpenCommunity#1707.
romanek-adam pushed a commit to LibertyGlobal/sonar-cxx that referenced this issue Apr 25, 2019
haghighi pushed a commit to haghighi/sonar-cxx that referenced this issue Jun 22, 2019
Closed
The goal of this task is to extend Clang Static Analyzer support in the sonar-cxx plugin with the full path to a given issue (which can be found under the "path" key in CSA's *.plist files; it's also called "flow" in SQ terms).
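An added example, not part of the issue thread and not sonar-cxx code: reading the "path" array of a CSA plist report in Python and turning its "event" entries into an ordered flow next to the final location. The sample report is constructed for illustration, and the names `SAMPLE` and `extract_flows` are hypothetical.

```python
import plistlib

# Constructed sample, laid out like a report from clang's -analyzer-output=plist.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>files</key><array><string>src/buf.c</string></array>
<key>diagnostics</key><array><dict>
 <key>check_name</key><string>core.NullDereference</string>
 <key>description</key><string>Dereference of null pointer</string>
 <key>location</key><dict><key>line</key><integer>9</integer>
  <key>col</key><integer>6</integer><key>file</key><integer>0</integer></dict>
 <key>path</key><array>
  <dict><key>kind</key><string>control</string></dict>
  <dict><key>kind</key><string>event</string>
   <key>location</key><dict><key>line</key><integer>4</integer>
    <key>col</key><integer>7</integer><key>file</key><integer>0</integer></dict>
   <key>message</key><string>Assuming 'len' is equal to 0</string></dict>
  <dict><key>kind</key><string>event</string>
   <key>location</key><dict><key>line</key><integer>9</integer>
    <key>col</key><integer>6</integer><key>file</key><integer>0</integer></dict>
   <key>message</key><string>Dereference of null pointer</string></dict>
 </array>
</dict></array>
</dict></plist>"""


def extract_flows(plist_bytes):
    """Return one record per diagnostic: final location plus ordered path steps."""
    report = plistlib.loads(plist_bytes)
    files = report.get("files", [])

    def resolve(loc):
        # "file" is an index into the top-level "files" array.
        idx = loc.get("file", -1)
        name = files[idx] if 0 <= idx < len(files) else None
        return name, loc.get("line"), loc.get("col")

    issues = []
    for diag in report.get("diagnostics", []):
        # Only "event" pieces carry a message; "control" pieces are edges between them.
        steps = [resolve(p["location"]) + (p.get("message", ""),)
                 for p in diag.get("path", [])
                 if p.get("kind") == "event" and "location" in p]
        issues.append({"rule": diag.get("check_name"),
                       "message": diag.get("description"),
                       "location": resolve(diag.get("location", {})),
                       "flow": steps})
    return issues
```

The intermediate step ("Assuming 'len' is equal to 0") is the kind of assumption that is lost when only the final location is reported.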