This topic explains how to prevent C/C++test from reporting selected static analysis violations.
About Suppressions
Suppressions are used to prevent C/C++test from reporting selected occurrences of static analysis violations. You use suppressions for situations when you generally want to follow a rule, but decide to ignore specific occurrences of the reported task.
Suppressions can be stored in source code or in local suppression files, which can be checked in the source control system so that they are shared across the team. You can use the Parasoft GUI to create suppressions or manually add information about suppressions in your source code or suppression files. In addition, suppressions can be defined programmatically through a configuration file.
Defining Suppressions in the GUI
To suppress a static analysis task that is shown in the Quality Tasks view:
- Right-click a Quality Tasks view item that represents the task you want to suppress, then choose Suppress Task... from the menu. To suppress more than one task, right-click the node that represents a group of tasks (a rule category, a specific rule, a file), then choose Suppress All Tasks.
- Choose where the suppressions will be stored. You can select one of the following options:
  - Suppress in suppression file - The suppression will be stored in a parasoft.suppress file located in the same directory as the corresponding source file. See Defining Suppressions in Suppression Files for details.
  - Suppress in source code - The selected task will be suppressed in code and shared across the team when checked in your source control system.
- Enter the reason for suppression.
- Click OK to complete suppression. The suppressed task(s) will be removed from the Quality Tasks view.
Defining Suppressions in Suppression Files
You can suppress the reporting of selected findings by creating parasoft.suppress files that specify the attributes of findings you want to suppress. A suppression file should either be located in the same directory as the source file that contains the findings, or you can specify its location using the suppression.infile.location system property (in the .properties file). This option specifies the location of a suppression file that will be used for suppressing violations both in the CLI and IDE. A location can be defined:
- as an absolute path to a file
- using attributes: ${file_name}, ${file_loc} and ${project_loc}, e.g. ${file_loc}/parasoft.suppress
For example:

    suppression.infile.location=C:/parasoft/suppression/storage/parasoft.suppress
You can define in-file suppressions in one of the following ways:
- By manually creating parasoft.suppress files where you can add suppression entries.
- By choosing the Suppress in suppression file option in the GUI (see Defining Suppressions in the GUI). Newly created suppression files are automatically included in your project and displayed in the file tree in the IDE along with other project files.
We recommend that suppression files be checked in your source control system. This allows you to share information about suppressions with other team members and easily review the suppressions on a branch in your SCM repository before merging the code into the main stream of development, such as "master", "trunk", etc.
Use the following format to add suppression entries to parasoft.suppress files:

    suppression-begin
    file: Account.cpp (required)
    line: 12 (optional)
    rule-id: CODSTA-4 (optional)
    message: Exact violation message (optional)
    reason: Approved (optional)
    author: devel (optional)
    date: 2020-09-21 (optional)
    suppression-end

Example:
At a minimum, you must specify the source file where the problem was detected. This will suppress all findings reported for the specified file. In the following example, all findings detected in the Account file will be suppressed:

    suppression-begin
    file: Account.cpp
    suppression-end

You can use the following wildcards and other parameters to specify the file path (this is especially helpful when a non-default location of the parasoft.suppress file is configured in the .properties file):
Parameter | Description |
---|---|
? | Wildcard that matches one character (any character except path separators) |
* | Wildcard that matches zero or more characters (not including path separators) |
** | Wildcard that matches zero or more path segments. |
/ | Separator for all operating systems |
"[non-alphanumeric characters]" | Use quotation marks when paths contain spaces or other non-alphanumeric characters. |
Other attributes are optional and help you fine-tune the suppression. In the following example, all findings that the PB.TYPO.TLS rule detected in the Account file are suppressed, regardless of the code line on which they occur:

    suppression-begin
    file: Account.cpp
    rule-id: PB.TYPO.TLS
    reason: false positive
    suppression-end

Notes
- It is a good practice to specify the reason for suppression.
- The line attribute should be used with caution as it may invalidate the suppression if the code is moved to another line when the source file is modified.
- The following values are supported for the rule-id attribute: <rule-id>|<rule-category>|ALL. For example:
  - Suppress rule PB.TYPO.TLS:

        suppression-begin
        file: **/autogenerated/*
        rule-id: PB.TYPO.TLS
        suppression-end

  - Suppress all rules in category CODSTA:

        suppression-begin
        file: **/autogenerated/*
        rule-id: CODSTA
        suppression-end

  - Suppress all rules in category CODSTA with severity level 4 and lower:

        suppression-begin
        file: **/autogenerated/*
        rule-id: CODSTA-4
        suppression-end

  - Suppress all rules:

        suppression-begin
        file: **/autogenerated/*
        rule-id: ALL
        suppression-end

- In the message attribute, the following wildcards are supported:
  - ? - Any character
  - * - Any sequence of characters
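
Because suppression files are plain text in source control, the entries can be checked automatically before a merge. The following Python script is an added example, not part of C/C++test or the original page: it parses parasoft.suppress entries and flags the ones the notes above call out (no reason, line-pinned) plus the broadest ones (all rules, wildcard paths). It assumes one `key: value` attribute per line between suppression-begin and suppression-end; the flag names and the sample entries are constructed for illustration.

```python
def parse_suppressions(text):
    """Return one dict of attributes per suppression-begin/suppression-end entry."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "suppression-begin":
            current = {}
        elif line == "suppression-end":
            if current is not None:
                entries.append(current)
            current = None
        elif current is not None and ":" in line:
            # Split on the first colon only, so "file: C:/src/a.cpp" keeps its path.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return entries

def audit(entry):
    """Return review flags (hypothetical names) for one parsed entry."""
    flags = []
    if not entry.get("file"):
        flags.append("missing-file")      # 'file' is the only required attribute
    if not entry.get("reason"):
        flags.append("no-reason")         # the page recommends always giving a reason
    if entry.get("rule-id") in (None, "ALL"):
        flags.append("all-rules")         # no rule-id suppresses every finding in the file
    if "line" in entry:
        flags.append("line-pinned")       # breaks silently when the code moves
    if any(ch in entry.get("file", "") for ch in "*?"):
        flags.append("wildcard-path")     # one entry may cover many files
    return flags

# Constructed sample input, using the attribute names shown on this page.
SAMPLE = """\
suppression-begin
file: Account.cpp
rule-id: PB.TYPO.TLS
reason: false positive
suppression-end
suppression-begin
file: **/autogenerated/*
rule-id: ALL
suppression-end
suppression-begin
file: Account.cpp
line: 12
rule-id: CODSTA-4
reason: Approved
suppression-end
"""

if __name__ == "__main__":
    for entry in parse_suppressions(SAMPLE):
        print(entry.get("file"), entry.get("rule-id"), audit(entry))
```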
Defining Suppressions in Source Code
When suppressions are defined in source code:
- You ensure that the same suppressions are applied whenever you or a team member tests that code.
- You can add code comments explaining each suppression, so the reason for each suppression is always clear when you or team members are reviewing the code.
- You gain fine-grained control over which rules are enforced at the file, class, or line level.
You can define suppressions in source code either by choosing the appropriate option in the GUI (see Defining Suppressions in the GUI) or by adding them manually in source code, using the following suppression syntax.
Line Suppression
Line suppression allows for suppressing violations in a single line. The suppression comment must be specified at the end of the line of code where the violation occurs, using the following syntax:
// parasoft-suppress <rule-id>|<rule-category>|ALL "<suppression comment>"
Examples:

    int proc1(bool a, bool b, int i)
    {
        if (a | b) // parasoft-suppress CERT_C "suppress all rules in category CERT_C"
            if (b = a) // parasoft-suppress CERT_C-EXP45 "suppress rule CERT_C-EXP45"
            {
                std::string emptyString1 = ""; // parasoft-suppress JSF-3 "suppress all rules in category Joint Strike Fighter with severity level 3"
            }
            else
            {
                std::string emptyString2 = ""; // parasoft-suppress CERT_C-DCL00 JSF-043 JSF-051 "suppress multiple rules"
            }
        return i++; // parasoft-suppress ALL "suppress all rules"
    }

Next Line Suppression
Next line suppression allows for suppressing violations in a single line. The suppression comment must be specified just before the line of code where the violation occurs, using the following syntax:
// parasoft-suppress-next-line <rule-id>|<rule-category>|ALL "<suppression comment>"
Other comments or empty lines are not allowed between the suppression comment and the line that contains the suppressed findings. The only exception is when a list of next line suppressions is specified:

    // parasoft-suppress-next-line AUTOSAR-A7_1_1-a "reason for suppression AUTOSAR-A7_1_1-a"
    // parasoft-suppress-next-line AUTOSAR-A7_1_1-b "reason for suppression AUTOSAR-A7_1_1-b"
    // parasoft-suppress-next-line AUTOSAR-A8_5_2-a "reason for suppression AUTOSAR-A8_5_2-a"
    ... code line ...

In this case, all suppressions will be applied to the first line after the last suppression comment.
Examples:

    int proc1(bool a, bool b, int i)
    {
        // parasoft-suppress-next-line CERT_C "suppress all rules in category CERT_C"
        if (a | b)
            // parasoft-suppress-next-line CERT_C-EXP45 "suppress rule CERT_C-EXP45"
            if (b = a)
            {
                // parasoft-suppress-next-line JSF-3 "suppress all rules in category Joint Strike Fighter with severity level 3"
                std::string emptyString1 = "";
            }
        // parasoft-suppress-next-line ALL "suppress all rules"
        return i++;
    }

Block Suppression
Block suppression allows for suppressing violations in a block of code. The suppression begin/end comments must be specified before/after the block of code where the violations occur, using the following syntax:

    // parasoft-begin-suppress <rule-id>|<rule-category>|ALL "<suppression comment>"
    ... code block ...
    // parasoft-end-suppress <rule-id>|<rule-category>|ALL "<suppression comment>"

The 'parasoft-begin-suppress' and 'parasoft-end-suppress' comments must be on separate lines.
Examples:

    int proc2(bool a, bool b, int i)
    {
        // parasoft-begin-suppress CERT_C "begin suppress all rules in category CERT_C"
        if (a | b)
            if(b = a)
        // parasoft-end-suppress CERT_C "end suppress all rules in category CERT_C"
            {
                std::string emptyString1 = "";
            }
        return i++;
    }

    int proc3(bool a, bool b, int i)
    {
        if (a | b)
        // parasoft-begin-suppress CERT_C-EXP45 "begin suppress rule CERT_C-EXP45"
            if(b = a)
        // parasoft-end-suppress CERT_C-EXP45 "end suppress rule CERT_C-EXP45"
            {
                std::string emptyString1 = "";
            }
        return i++;
    }

    int proc4(bool a, bool b, int i)
    {
        // parasoft-begin-suppress JSF-3 "begin suppress all rules in category Joint Strike Fighter with severity level 3"
        if (a | b)
            if(b = a)
            {
                std::string emptyString1 = "";
            }
        return i++;
        // parasoft-end-suppress JSF-3 "end suppress all rules in category Joint Strike Fighter with severity level 3"
    }

    // parasoft-begin-suppress ALL "begin suppress all rules"
    int proc5(bool a, bool b, int i)
    {
        if (a | b)
            if(b = a)
            {
                std::string emptyString1 = "";
            }
        return i++;
    }
    // parasoft-end-suppress ALL "end suppress all rules"

To suppress multiple rules in a file, include the following at the beginning/end of the file:

    // parasoft-begin-suppress CERT_C-DCL00 JSF-043 JSF-051 "begin suppress multiple rules"
    .....
    // parasoft-end-suppress CERT_C-DCL00 JSF-043 JSF-051 "end suppress multiple rules"

Notes
- It is a good practice to specify the reason for suppression.
- The following rule patterns are supported: <rule-id>|<rule-category>|ALL. For example (the following examples are for suppressing violations in a single line):
  - Suppress rule PB.TYPO.TLS:

        // parasoft-suppress PB.TYPO.TLS

  - Suppress all rules in category CODSTA:

        // parasoft-suppress CODSTA

  - Suppress all rules in category CODSTA with severity level 4 and lower:

        // parasoft-suppress CODSTA-4

  - Suppress multiple rules:

        // parasoft-suppress CERT_C-DCL00 JSF-043 JSF-051

  - Suppress all rules:

        // parasoft-suppress ALL

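
In-source suppressions travel with the code, so a reviewer can list them mechanically. The following Python script is an added example, not part of C/C++test or the original page: it recognizes the four comment forms described above and reports suppressions that use ALL, that carry no quoted reason, or whose begin/end comments do not pair up. The finding names and the sample source are constructed, and pairing begin/end comments by their rule list is an assumption of this example.

```python
import re

# The four comment forms from this page: rule list, then an optional quoted reason.
DIRECTIVE = re.compile(
    r'//\s*parasoft-(suppress-next-line|begin-suppress|end-suppress|suppress)'
    r'\s+([^"]*?)\s*(?:"([^"]*)")?\s*$')

def scan(source):
    """Return (findings, suppressions) for parasoft-* comments in source text."""
    findings, seen, open_blocks = [], [], {}
    for lineno, line in enumerate(source.splitlines(), 1):
        m = DIRECTIVE.search(line)
        if not m:
            continue
        kind, rules, why = m.group(1), tuple(m.group(2).split()), m.group(3)
        seen.append((lineno, kind, rules, why))
        if "ALL" in rules:
            findings.append((lineno, "suppresses-all-rules"))
        # The reason is checked on the comment that opens a suppression.
        if not why and kind != "end-suppress":
            findings.append((lineno, "no-reason"))
        if kind == "begin-suppress":
            open_blocks[rules] = lineno
        elif kind == "end-suppress" and open_blocks.pop(rules, None) is None:
            findings.append((lineno, "end-without-begin"))
    # Anything still open at end of file has no matching end comment.
    findings += [(n, "begin-without-end") for n in open_blocks.values()]
    return sorted(findings), seen

# Constructed sample input written in the comment syntax shown on this page.
SAMPLE = '''\
// parasoft-begin-suppress CERT_C-DCL00 JSF-043 "generated table"
static int table[4];
// parasoft-end-suppress CERT_C-DCL00 JSF-043 "generated table"
int proc(bool a, bool b, int i)
{
    // parasoft-begin-suppress ALL "legacy code"
    if (a | b)
        if (b = a) // parasoft-suppress CERT_C-EXP45
            i = 0;
    return i++;
}
'''

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE)[0]:
        print(f"line {lineno}: {finding}")
```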
Defining Line Suppressions Based on Regex Patterns
You can configure C/C++test to automatically suppress static rule violations that are detected on lines that match a regular expression pattern. This may be useful when you want to suppress tasks that are difficult to suppress using the in-line or in-code suppressions, such as Qt macros.
To define regular expression patterns to specify the code lines:
- Create an advanced settings file that includes the following C/C++test advanced settings:

      cpptest.result.line.suppressions.enabled=true // Enables creating regex-based suppressions.
      cpptest.result.line.suppressions.pattern=[regex<rule-id|rule-category|ALL>;regex<rule-id|rule-category|ALL>] // Specifies a semicolon-separated list of regex patterns.

  Note: The <> brackets are only required if you want to specify rules. The rule specifiers can also be a comma-separated list.
- Specify the path to the advanced settings. See Configuring an Advanced Settings File.
Static rule violations that occur on lines that match the configured regex pattern(s) will be suppressed. For example, the following configuration suppresses all findings detected on code lines that contain "Q_" anywhere on the line.

    cpptest.result.line.suppressions.enabled=true
    cpptest.result.line.suppressions.pattern=.*Q_.*<OPT>

Handling Deprecated Suppressions
Storing suppressions in the XML-style format is no longer supported. If there are unsupported suppressions available for your project that you want to migrate to the new format, please contact Parasoft Support.