dcoughlin added reviewers: zaks.anna, NoQ.
dcoughlin added a comment.

The analyzer has two different kinds of diagnostics: AST-based and path-sensitive. AST-based diagnostics are similar to the diagnostics that clang performs in Sema in that they can usually be localized to a single program point. For AST-based checks, we follow clang's policy and never report a diagnostic in system headers.

In contrast, path-sensitive diagnostics describe errors that occur along a particular path through the program and so they involve multiple program points. Even when these paths *end* in system headers, they may start in application code and ultimately be the application code's fault. For example, if the application passes NULL to an inline function in a C++ header that then dereferences that pointer, we do want to emit a diagnostic even though the location of the diagnostic is in a system header. In this case the application programmer can do something about it: they should not pass NULL to the function.

By design the analyzer doesn't ever *start* a path-sensitive check in a header (either user or system) -- but if a path starts in an application source file and eventually calls into a header and does something bad, we do report it under the assumption that the application code is violating a header precondition.

This can lead to false positives when the analyzer doesn't understand the system headers properly. In those cases we have custom heuristics to suppress known patterns the analyzer doesn't handle.

What specific diagnostics in headers are you seeing? Are these in libcxx? We know we have at least one issue in <regex> that isn't being properly suppressed. But if there are others we'd love to hear about them.

Repository:
  rL LLVM

https://reviews.llvm.org/D30593