Mass Suppression of Analyzer Messages (disable generation of analyzer messages for legacy code)

 This article discusses the usage of mass suppression of analyzer messages in the Windows environment. The use of the appropriate functionality in Linux environment is described in the appropriate section of the document "How to run PVS-Studio on Linux".

Sometimes, during deployment of static analysis, especially at large-scale projects, the developer has no desire (or even has no means of) to correct hundreds or even thousands of analyzer's messages which were generated on the existing source code base. In this situation, the need arises to "suppress" all of the analyzer's messages generated on the current state of the code, and, from that point, to be able to see only the messages related to the newly written or modified code. As such code was not yet thoroughly debugged and tested, it can potentially contain a large number of errors.

If instead you want to hide only some individual messages (false positives for example), the false alarm suppression feature should be used instead. You should also remember that each individual type of diagnostic or an isolated group of analyzer messages could be hidden by utilizing the message filtering feature of the PVS-Studio output window.

Operation principles

Message suppression is based upon utilization of a special analyzer "message base" files (the files with suppress extension), which are located beside project files of your IDE (for example, vcproj and vcxproj files of Microsoft Visual Studio) or are added to project files as noncombilable items. These files contain analyzer messages marked as "suppressed" (marking analyzer messages through IDE plug-in interface will be described in the next section).

On every subsequent analysis of such a project by PVS-Studio, its IDE plug-in will be watching for such suppression files and in case such file is found, the messages contained in the "base file" will not appear in the analyzer's output. It should be also noted that modifying the source file upon which the messages were generated, the displacement of code lines in particular, would not result in the re-appearance of these messages. Only by modifying the code line at which the message was originally generated will make the message reappear, as such a message becomes the "new" one.

The "suppression base" files are stored in the simple XML format, which allows you to easily read\modify them, or even utilize these files at the level of your team through the revision control software.

Utilizing message suppression

To suppress analyzer messages you will first need to run your projects through the analyzer (PVS-Studio -> Check -> Solution). Next, open 'Suppress Analyzer Messages' window through the 'PVS-Studio -> Suppress Messages...' menu item

Figure 1 - message suppression

Click the 'Suppress All' button to mark all the analyzer messages that were generated during last analysis run or loaded from plog file. You can also suppress only messages visible in PVS-Studio output window by clicking 'Suppress Filtered' button. From example, you can suppress only Low Certainty (Level 3) messages to concentrate on higher severity messages.

After confirmation all of the messages will be appended to the 'suppress' files for the corresponding projects. The 'Active suppress files' list show all of the 'suppress' files for the solution that is currently open in Visual Studio. Messages from individual suppression files can be un-suppressed by selecting them and pressing 'Un-suppress from Selected' button.

Suppressed messages will not appear in the output window during subsequent analyzer runs, which will allow you to concentrate more on a newly written code. However, despite these messages not appearing on the list, they are actually still in there.

To enable the display of the messages marked as 'suppressed', use the 'Display Suppressed Messages in PVS-Studio Output Window' checkbox (figure 1). The suppressed message will be displayed in the list as strikethrough ones. You can un-mark the message by 'Un-Suppress Selected Messages' item from the context menu.

Figure 2 - removing messages from "suppressed"

The 'suppression' mark will be removed from the selected messages, and these messages themselves will be removed from the 'suppress' base files, if the corresponding project is opened inside the IDE.

After the file is generated, you can add it to the corresponding project as noncompilable\text item with 'Add|Existing Item...' menu command. If the project includes at least one suppress file, the files besides the project file itself are ignored. Adding suppress files to projects allows you to keep suppress files and project files in different directories. Only one suppress file per project is supported - others will be ignored.

Adding suppress files to Visual Studio solution

You can add a suppress file to a solution. You can do this with 'Add|New Item...' menu command. The same as for projects, only one suppress file per solution is supported - the rest ones will be ignored.

Solution-level suppress file allows you to suppress messages from all of the projects in the corresponding solution. In case projects possess individual suppress files, the analyzer will take into account both warnings suppressed in a suppress file of the solution, and in a suppress file of a project.

When suppressing warnings in case a solution contains a suppress file, the following rules are applied:

• if only a solution contains a suppress file, warnings are suppressed only into it - project-level suppress files are not created;
• if both solution and project contain suppress files, warnings will be suppressed into both of these files.

Suppressing analyzer messages from command line

The message suppression could be also used directly from the command line. The command line tool PVS-Studio_Cmd.exe will by automatically pick up existing suppress files during analysis. The tool can also be used to suppress analyzer messages that were saved into a plog file. To suppress messages from an existing plog file, the PVS-Studio_Cmd.exe should be started with '--suppressAll' flag. For example (in a single line):

"C:\Program Files (x86)\PVS-Studio\PVS-Studio_Cmd.exe"
-t "Solution.sln" -o "results.plog" --suppressAll SuppressOnly

The execution of this command will generate suppress files for all projects from Solution.sln, for which the analyzer messages were generated in results.plog.

The '--suppressAll' flag supports 2 modes of operation. SuppressOnly will run the suppression for the input plog without starting the analysis. AnalyzeAndSuppress will run the analysis first, save the output plog, and only after that the tool will suppress all the messages from this log. This mode allows you to have only the newly generated messages in each subsequent run of the analyzer (as messages from previous runs will be suppressed).

336
12 743