[PATCH] D22346: [Clang-tidy] CERT-MSC50-CPP (std:rand() )

Aaron Ballman via cfe-commits cfe-commits at lists.llvm.org
Sun Aug 14 13:37:13 PDT 2016

aaron.ballman added inline comments.

Comment at: clang-tidy/cert/LimitedRandomnessCheck.cpp:22-23
@@ +21,4 @@
+  Finder->addMatcher(
+      declRefExpr(hasDeclaration(functionDecl(namedDecl(hasName("::rand")),
+                                              parameterCountIs(0))))
+          .bind("randomGenerator"),
Prazek wrote:
> aaron.ballman wrote:
> > This should be looking at a callExpr() rather than a declRefExpr(), should it not?
> I was also thinking about this, but this is actually better, because it will also match with binding rand with function pointer.
True, but a DeclRefExpr doesn't mean it's a function call. Binding the function is not contrary to the CERT rule, just calling it. For instance, the following pathological case will be caught by this check:
if (std::rand) {}
The behavior of this check should be consistent with cert-env33-c, which only looks at calls. (If we really care about bound functions, we'd need flow control analysis, and I think that's overkill for both of those checks, but wouldn't be opposed to someone writing the flow analysis if they really wanted to.)



More information about the cfe-commits mailing list