Comments (7)
This is interesting, I haven't thought about cases like this. Thank you for bringing this up, @kees-jan.
I don't have a recommendation here at the moment, and I would like to hear your suggestions.
One raw idea pops up in my mind is to discard largely used RAII style constructors, like std::lock_guardstd::mutex and boost::mutex::scoped_lock, and at the same time, be able to let users append new identifiers into this list.
Look forward to learning from you.
from oclint.
I am not very up-to-date on the state of the art in static code checkers, so I hoped there would be some standard way to deal with this. Absent that, I was also thinking along the lines of a whitelist, allowing some variables to be left unused. Like you say, the user should be able to extend the list.
There's (in my opinion) two important requirements for this whitelist feature to be practical.
- It should support templates.
boost::scoped_lock
is typedeffed fromboost::unique_lock<boost::mutex>
, and you'd want to allow the general case ofboost::unique_lock<T>
to be unused. - Whether a variable is allowed to be unused, should depend on the constructor called. It makes sense for
boost::unique_lock<T> lock(lockable);
to be unused, but that would not be the case for
boost::unique_lock<T> lock(lockable, boost::defer_lock);
or
boost::unique_lock<T> lock(lockable, boost::try_to_lock);
they both should be used, or something is likely wrong
Of course, this is a wishlist for a final solution. Any subset of the above would be a welcome first step
from oclint.
Thank you @kees-jan for your suggestions. I agree with your ideas.
I have spent some time on this issue today, unfortunately I don't think we are ready to have whitelist for the coming release. Instead, I have enabled suppress feature to this rule, as a compromise, you need to add the annotations like
boost::mutex::scoped_lock lock __attribute__((annotate("oclint:suppress[unused local variable]"))) (mut);
to suppress the warning.
But we could definitely plan it in the future release. Based on my current understanding, here are some technical details as a note-
- Need to have a better understanding on the generic pattern for RAII, and how to refine the essential information from AST context, so that we could compare it with RAII pattern precisely. UnusedLocalVariableRuleTest.cpp has the AST dump of the VarDecl nodes for reference.
RuleConfiguration
is a key/value structure and currently supportsint
,double
, andstring
types as values.vector
type needs to be added to the support, so that we could maintain a list of the constructors that we would like to skip.- Syntactic format for the whitelist. Since we need to use
RuleConfiguration
, so the flag looks like something like-rc RAII_WHITELIST=std::lock_guard(mutex_type&)
? How to define the standard? It doesn't make sure to have another parser inside a rule just to understand this. It may introduces unnecessary complexity and confuses users. I would rather keep it simple, and ask users kindly suppress the warning for now until we have figured out a good way to do this. - A collection of well-known RAIIs that need to be suppressed by default. RAIIs like
std::lock_guard
is a good candidate, butstd::ofstream
is not.
I will remove the original milestone from this issue, but I will leave this issue open and urge for discussions and suggestions.
from oclint.
lock
is in fact used (invisibly) when it goes out of scope to call the destructor.
The approach I would take is: Don't report objects that have an explicit (maybe non-empty?) destructor, or contain members with such a destructor. This would inevitable lead to (probably lots of) false negatives (including the examples @kees-jan points out), but I don't see any other way of reliably detecting truly unused C++ variables.
Ah, the downsides of programming by side effects... :(
But do we need OCLint to implement this warning at all? Does it offer an advantage over clang's -w-unused-variable
. Or is it perhaps possible to leverage that flag for OCLint's output?
from oclint.
Don't report objects that have an explicit (maybe non-empty?) destructor, or contain members with such a destructor.
This might be a good starting point, but probably have to deal with some edge cases.
This would inevitable lead to (probably lots of) false negatives
Balancing between false positive and false negatives is always a theme for static code analysis tools. For the record, we always want to pursue more accurate results. However, when I have to choose between false positive and false negative, I might personally be okay with false positive if the tool provides a good approach for me to suppress the false positives.
In users' perspective, I hope the tool could tell me something whenever it feels something fishy, if the tool is wrong, at least, with manual intervene, I can communicate with the tool to teach it stop reporting false positives. However, if something is wrong, but the tool doesn't notify me, then I probably even will never aware of it - this probably will lead me into bigger trouble eventually, which I want to avoid.
the downsides of programming by side effects
And the fun of programming!
clang's
-w-unused-variable
This might be a very old rule in OCLint project, maybe it was introduced before clang has the same feature. But I would like to take a look at how clang handles this part, maybe we can leverage it, maybe we can come up with something better.
Thank you a lot, @nschum, it always be good to have discussions with you.
from oclint.
+1 on this issue. Would be very useful to have this.
from oclint.
This is addressed in #249, so I am closing this one.
from oclint.
Related Issues (20)
- report has many compiler error but Xcode is Normal compilation success HOT 4
- Break and fallthru HOT 2
- “oclint-22.02” can’t be opened because Apple cannot check it for malicious software. HOT 2
- undefined reference to std::_Sp_make_shared_tag::_S_eq(std::type_info const&) HOT 5
- Compile successfully but report has many compiler error but Xcode is Normal compilation success HOT 13
- lLVVM Error HOT 2
- project use MMKV lib could analyse error HOT 5
- How do I use the same compiler as Xcode? HOT 6
- what version are clang and llvm oclint version 22.02? HOT 2
- Crash on Xcode 14 when used via Fastlane HOT 2
- xcodebuild failed when use OCLint in Xcode HOT 6
- xcode14 not work HOT 3
- oclint doesn't work: a lot of compiler errors in oclint_result.html. Xcode 14.1 oclint 22.02 HOT 16
- sonar-reports/SonarDemo-oclint.xml' failed with error code: 6 HOT 2
- Request for enhancement: Upgrade OCLint to LLVM 15.0.7, moving away from the prior version, LLVM 13.0.0 HOT 2
- OClint on windows 10 HOT 2
- Please upgrade oclint to llvm14.0 HOT 16
- Feature request: adjust threshold for one function HOT 2
- oclint: error: compilation contains multiple jobs: OCLint 22.02 + MacOS Ventura 13.0 + XCode 14.3 HOT 11
- Xcode14.3,OCLint: 20.11 oclint: error: compilation contains multiple jobs: HOT 22
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oclint.