Mass suppression of analyzer warnings (disabling warnings for existing code)


Mass suppression of analyzer warnings can be useful in the following scenarios:

  • PVS-Studio is introduced in a project for the first time and issues a large number of warnings for the entire code. The development manager decides to initiate regular usage of the analyzer only for newly written code and to return to warnings on the current code later.
  • PVS-Studio is used in the project on a regular basis. During the development process false positives get in the analyzer report, and you want to suppress them without modifying source code files.

In such cases, analyzer warnings can be suppressed in a special way so that they won't get into newly generated reports. This mode doesn't require modification of the project's source files.

The analyzer supports the analysis of source code in the C, C++, C# and Java programming languages. The analysis can be performed under Windows, Linux and macOS. Because of this, the ways of suppressing warnings differ depending on the platform and project type. Go to the section that matches your setup and follow the instructions given there.

Principle of operation

The warning suppression mechanism is based on special files that are added next to the project (or in any specified location). These files contain the messages marked as "unnecessary" for this project. Note that modifying a source file that contains marked messages, in particular shifting lines, will not make these messages reappear. However, editing the line that an analyzer message points to can make the message appear again, because the analyzer then treats it as "new".
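The behaviour described above (a line shift keeps a warning suppressed, an edit of the flagged line brings it back) can be modelled with a baseline keyed on the text of the flagged line instead of its number. This is an added illustration, not PVS-Studio code and not the real suppress file format: the fingerprint scheme, the function names and the "V000" diagnostic code are assumptions, and the sample source is constructed.

```python
import hashlib
from collections import Counter

def fingerprint(file_name, code, line_text):
    # Assumed scheme: identity = file + diagnostic code + text of the flagged
    # line (whitespace-normalized). The line number is deliberately left out.
    normalized = " ".join(line_text.split())
    key = "\0".join((file_name, code, normalized))
    return hashlib.sha256(key.encode("utf-8")).hexdigest()

def build_baseline(warnings, sources):
    """Record every current warning; a Counter keeps duplicates distinct."""
    return Counter(fingerprint(f, c, sources[f][n - 1]) for f, n, c in warnings)

def filter_new(warnings, sources, baseline):
    """Return only the warnings that the baseline does not account for."""
    remaining = Counter(baseline)
    new = []
    for f, n, c in warnings:
        fp = fingerprint(f, c, sources[f][n - 1])
        if remaining[fp] > 0:
            remaining[fp] -= 1      # matched a suppressed entry
        else:
            new.append((f, n, c))   # edited or genuinely new line
    return new

# Constructed sample input; "V000" is a placeholder diagnostic code.
OLD = {"calc.c": ["int f(int a, int b) {", "  if (a == a) return 1;",
                  "  return b;", "}"]}
SHIFTED = {"calc.c": ["/* new comment */"] + OLD["calc.c"]}
EDITED = {"calc.c": [OLD["calc.c"][0], "  if (a == a && b) return 1;",
                     "  return b;", "}"]}
COPIED = {"calc.c": OLD["calc.c"][:2] + OLD["calc.c"][1:]}

def demo():
    baseline = build_baseline([("calc.c", 2, "V000")], OLD)
    return {
        "shifted": filter_new([("calc.c", 3, "V000")], SHIFTED, baseline),
        "edited": filter_new([("calc.c", 2, "V000")], EDITED, baseline),
        "copied": filter_new([("calc.c", 2, "V000"), ("calc.c", 3, "V000")],
                             COPIED, baseline),
    }

if __name__ == "__main__":
    for case, new_warnings in demo().items():
        print(case, new_warnings)
```

The "copied" case shows why the baseline counts entries: a pasted copy of an already suppressed line is reported as new instead of being hidden by the existing entry.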

Windows: Visual Studio (C, C++ and C# analysis)

For Microsoft Visual Studio, you can use the PVS-Studio plugin, which integrates conveniently into the IDE. It allows you to check the entire solution, specific projects or files, and it also supports incremental analysis.

In the PVS-Studio menu, the Suppress Messages section opens a window for working with suppressed analyzer warnings.

In that window, several actions are available:

  • Suppress All – suppresses all of the analyzer's warnings;
  • Suppress Filtered – suppresses only the warnings that are currently displayed in the PVS-Studio results window, excluding the messages that are filtered out;
  • Un-Suppress from Selected – restores suppressed warnings for selected projects;
  • Display Suppressed Messages – displays suppressed analyzer warnings in the PVS-Studio Output Window together with the rest of the warnings. In this mode, you can return to fixing previously suppressed warnings. Such messages are marked in a special way (crossed out) to avoid confusing them with the un-suppressed ones.

A special window can be used to view analysis results in Visual Studio.

This window allows you to navigate through analyzer warnings and jump to the code to fix them. The PVS-Studio window provides a wide range of options for filtering and sorting the results. It is also possible to quickly navigate to the documentation of the selected diagnostic.

Additional actions for each message are available in the context menu by clicking the right mouse button on the message.

The command for suppressing a selected warning is available here. When opening the menu on an already suppressed warning, the option for restoring it will also be available.

In the same way, you can remove the "suppressed warning" mark by using the 'Un-Suppress Selected Messages' context menu item. The selected warnings will be un-suppressed and removed from the suppress files if the corresponding project is open in the IDE.

Adding suppress files to MSBuild \ Visual Studio projects

After creating a suppress file, you can add it to the project as a noncompiled/text file using the 'Add|Existing Item...' menu command. If a project includes at least one suppress file, then suppress files located next to the project file itself will be ignored. This allows keeping suppress and project files in different directories. Only one suppress file per project is supported; the rest will be ignored.

Adding suppress files to Visual Studio solution

You can add a suppress file to the solution by selecting the 'Add|New Item...' command. As with projects, only one suppress file is supported; the rest will be ignored.

A solution-level suppress file allows suppressing warnings in all projects of the corresponding solution. If projects have separate suppress files, the analyzer takes into account the warnings suppressed both in the suppress file of the solution and in the suppress file of a project.

When warnings are suppressed and a suppress file has been added to the solution, the following rules apply:

  • if a suppress file is added only to the solution, warnings are suppressed only in it, and project-level suppress files aren't created;
  • if suppress files are added both to the solution and to a project, warnings will be suppressed in both files.

Suppressing of analyzer warnings from a command line

Warning suppression can also be used directly from the command line. The PVS-Studio_Cmd.exe command-line utility automatically picks up existing suppress files when running an analysis. It can also be used to suppress previously generated analyzer warnings saved in a plog file. To suppress warnings from an existing plog file, run PVS-Studio_Cmd.exe with the '--suppressAll' flag. For example (in one line):

"C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe" -t "Solution.sln" -o "results.plog" --suppressAll SuppressOnly

Execution of this command will generate suppress files for all of the projects in the Solution.sln for which warnings in results.plog have been generated.

The '--suppressAll' flag supports 2 modes. 'SuppressOnly' will run suppression for the given plog without restarting the analysis. 'AnalyzeAndSuppress' will first perform the analysis, write an output plog file, and only after that it will suppress all of the warnings from it. In this mode, we'll see only new analyzer warnings on every analysis run thereafter (as warnings from previous runs will be suppressed).

Windows: C and C++ Compiler Monitoring UI

PVS-Studio on Windows can be used not only for MSBuild \ Visual Studio projects. Using the compiler monitoring system, you can run static analysis for all types of projects that use one of the compilers supported by PVS-Studio C++.

When running the analysis after build monitoring, using the command

clmonitor.exe analyze --useSuppressFile %PathToSuppressFile%

you can pass a path to suppress file that will be used during the analysis, via the additional '--useSuppressFile' (-u) flag.

Besides the command-line CLMonitor.exe tool, you can also use compiler monitoring through the C and C++ Compiler Monitoring UI tool. This tool allows you to check code regardless of the compiler or build system used, and then lets you work with the analysis results through a user interface similar to the PVS-Studio plugin for Visual Studio.

However, if you have a project that can be opened in Visual Studio, we recommend using the PVS-Studio plugin for Visual Studio to view the analysis results. The reason is that the capabilities of the built-in code editor in Compiler Monitoring UI are far more limited than those of the Visual Studio code editor. To open the analysis report in Visual Studio, you can save the analyzer report in Compiler Monitoring UI, then reopen it.

The menu for running the analysis and suppressing warnings looks as follows.

Picture 17

After clicking the "Analyze Your Files" menu item, you will see the "Compiler Monitoring (C and C++)" window.

To filter analyzer warnings, you need to specify a file with suppressed warnings before starting the analysis. You can create and maintain such a file through the "Message Suppression..." menu, which is the same as the one presented in the section about Visual Studio. After the analysis is finished, only new errors will be shown in the PVS-Studio output window. Without specifying the file, the analyzer will show all the results.

Projects in C and C++ on Linux/macOS

Under Linux and macOS, the commands for suppression and filtration of analyzer warnings can only be performed from the command line. If necessary, this process can be automated on a server that performs an automated analyzer launch. There are several ways of using this mechanism, depending on the way of analyzer integration.

Analysis using pvs-studio-analyzer utility

To suppress all of the analyzer's warnings (first time and in subsequent cases), you need to execute the command:

pvs-studio-analyzer suppress /path/to/report.log

Analysis of the project can be performed as always. At the same time, the suppressed warnings will be filtered out:

pvs-studio-analyzer analyze ... -o /path/to/report.log
plog-converter ...

This way, the suppressed warnings will be saved in the current directory, in a file named suppress_base.json, which should be stored with the project. New suppressed warnings will be appended to this file. If there is a need to specify a different name or location of the file, then the commands above may be supplemented by specifying the path to the file with suppressed warnings.

Direct integration of the analyzer into the build system

Direct integration of the analyzer might look like this:

# Compile each source file, then run the analyzer core on the same file.
.cpp.o:
	$(CXX) $(CFLAGS) $(DFLAGS) $(INCLUDES) $< -o $@
	pvs-studio --cfg $(CFG_PATH) --source-file $< --language C++ \
	    --cl-params $(CFLAGS) $(DFLAGS) $(INCLUDES) $<

In this integration mode, the C++ analyzer core is called directly, so the analyzer cannot analyze the source files and filter the warnings at the same time. Filtering and suppressing warnings therefore require additional commands.

To suppress all the warnings, you must run the command:

pvs-studio-analyzer suppress /path/to/report.log

To filter a new analysis log according to the previously generated suppression file, you will need to use the following commands:

pvs-studio-analyzer filter-suppressed /path/to/report.log
plog-converter ...

The default name for the file with the suppressed warnings remains as suppress_base.json, and can be changed, if necessary.

Java projects under Windows/Linux/macOS

Warnings suppression in IntelliJ IDEA

You can use a special window to view analysis results in IntelliJ IDEA.

This window allows you to navigate through the warnings found and jump to the source code to fix them. The PVS-Studio window provides a wide range of options for filtering and sorting the results. It is also possible to quickly navigate to the documentation of the selected analyzer rule.

Additional options for working with each warning are available in the context menu, opened by right-clicking the warning itself. The command for suppressing a selected warning is also available here.

The PVS-Studio plugin for IntelliJ IDEA also allows you to suppress all of the generated messages in one click.

By default, a suppression file is available at {projectPath}/.PVS-Studio/suppress_base.json, but you can change this path in the settings of the plugin.

Whichever suppression method you use, the suppressed warnings will not appear in the subsequent analysis reports.

Suppression of analyzer warnings in Gradle

To suppress all of the warnings, use this command:

./gradlew pvsSuppress "-Ppvsstudio.report=/path/to/report.json" "-Ppvsstudio.output=/path/to/suppress_base.json"

Suppression of analyzer warnings in Maven

To suppress all of the warnings, use this command:

mvn pvsstudio:pvsSuppress "-Dpvsstudio.report=/path/to/report.json" "-Dpvsstudio.output=/path/to/suppress_base.json"

Direct Integration of the Analyzer in the Build System

To suppress all of the warnings, use this command:

java -jar pvs-studio.jar --convert toSuppress --src-convert "/path/to/report.json" --dst-convert "/path/to/suppress_base.json"

Suppression of analyzer warnings in SonarQube

SonarQube (formerly Sonar) is an open source platform designed for continuous inspection and measurement of code quality. SonarQube combines the results of the analysis to a single dashboard, keeping track of the history of previous analysis runs, which allows you to see the overall trend of software quality during development. An additional advantage is the ability to combine results of different analyzers.

So, after getting the analysis results from one or more analyzers, you should go to the list of warnings and click the "Bulk Change" button, which opens the following menu.

Picture 2

In this window, you can mark all of the analyzer's warnings as "won't fix" and then work only with new errors.

What can I do after suppressing all warnings?

Configure static analysis on the build server and developers' computers. Regularly correct new analyzer warnings and do not let them accumulate. It is also worth planning a review to correct suppressed warnings in the future.

Additional control over code quality can be achieved by sending results via mail. It is possible to send warnings only to those developers who wrote the erroneous code by using the BlameNotifier tool, which is included in the PVS-Studio distribution.

For some users it may be convenient to view results in Jenkins or TeamCity using the PVS-Studio plugin, and send a link to such a page.

Additional links

This section describes all the ways of suppressing analyzer warnings that are available at the moment. The collected material is based on the documentation for the PVS-Studio analyzer, but covers this topic in more detail than the documentation does. General information may not be very informative for new users, so you should check out the documentation below.

