Not allowing disabling modeling chekcers in ClangSA

When a Clang Static Analyzer checker is disabled in CodeChecker,
clang is invoked with the "analyzer-disable-checker" flag.
This allows the user disabling core modeling checkers such as
unix.DynamicMemoryModeling. This causes malfunctioning of depending checkers.

After this patch, modeling checkers (listed with clang -cc1 -analyzer-checker-help-developer)
will not be listed and cannot be disabled through CodeChecker.

analyzer/codechecker_analyzer/analyzers/clangsa/analyzer.py

@@ -150,7 +150,8 @@ def get_analyzer_checkers(
         """Return the list of the supported checkers."""
         checker_list_args = clang_options.get_analyzer_checkers_cmd(
             cfg_handler,
-            alpha=True)
+            alpha=True,
+            debug=False)
         return parse_clang_help_page(checker_list_args, 'CHECKERS:', environ)
 
     @classmethod
@@ -227,16 +228,23 @@ def construct_analyzer_cmd(self, result_handler):
                     ['-Xclang', '-analyzer-config', '-Xclang', cfg])
 
             # Config handler stores which checkers are enabled or disabled.
+            disabled_checkers = []
+            enabled_checkers = []
             for checker_name, value in config.checks().items():
                 state, _ = value
                 if state == CheckerState.enabled:
-                    analyzer_cmd.extend(['-Xclang',
-                                         '-analyzer-checker=' + checker_name])
+                    enabled_checkers.append(checker_name)
                 elif state == CheckerState.disabled:
-                    analyzer_cmd.extend(['-Xclang',
-                                         '-analyzer-disable-checker=' +
-                                         checker_name])
+                    disabled_checkers.append(checker_name)
 
+            if len(enabled_checkers) > 0:
+                analyzer_cmd.extend(['-Xclang',
+                                     '-analyzer-checker=' +
+                                     ','.join(enabled_checkers)])
+            if len(disabled_checkers) > 0:
+                analyzer_cmd.extend(['-Xclang',
+                                     '-analyzer-disable-checker=' +
+                                     ','.join(disabled_checkers)])
             # Enable aggressive-binary-operation-simplification option.
             analyzer_cmd.extend(
                 clang_options.get_abos_options(config.version_info))

analyzer/codechecker_analyzer/analyzers/clangsa/clang_options.py

@@ -15,7 +15,7 @@
 LOG = get_logger('analyzer')
 
 
-def get_analyzer_checkers_cmd(cfg_handler, alpha=True, debug=True):
+def get_analyzer_checkers_cmd(cfg_handler, alpha=True, debug=False):
     """Return the checkers list getter command which depends on the used clang
     version.
 

analyzer/tests/functional/analyze/test_files/silencing.cc

@@ -0,0 +1,21 @@
+#include <stdlib.h>
+
+//We test this: CodeChecker check -d unix -b "g++ -c silencing.cc"
+//since the cplusplus.NewDelete checker depends on unix.Malloc
+//unix checkers are not allowed to be disabled (-analyzer-disable-checker) to prevent malfunctioning of depending checkers.
+
+void checkThatMallocCheckerIsRunning() {
+  malloc(4);
+
+  //The next warning is shown only with clang version earlier than 13.0.1 as the unix checkers cannot be disabled.
+  //In later versions the output of core, unix checkers are suppressed with silencing (silence-checkers)
+} //Potential memory leak [unix.Malloc]
+
+#define ZERO_SIZE_PTR ((void *)16)
+
+void test_delete_ZERO_SIZE_PTR() {
+  int *Ptr = (int *)ZERO_SIZE_PTR;
+  // ZERO_SIZE_PTR is specially handled but only for malloc family
+  // We get the next warning with and without the silencing feature.
+  delete Ptr; //Argument to 'delete' is a constant address (16), which is not memory allocated by 'new' [cplusplus.NewDelete]
+}