[PATCH] D71963: clang-tidy doc: Add the severities description

Aaron Ballman via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Jan 1 06:22:04 PST 2020


aaron.ballman added a comment.

In D71963#1800102 <https://reviews.llvm.org/D71963#1800102>, @sylvestre.ledru wrote:

> ok, thanks!
>  I will remove them tomorrow or the next day.
>
> Do you have any guidance about the next steps to add them back?


Yes, sorry about failing to talk about it! I think this is worth an RFC that CCs some of the main folks from clang-tidy and the clang static analyzer to see if there's an appetite for supporting the concept. The RFC can include information like what problem this is solving, why we should pay the maintenance and review burden to support it, and some concrete heuristics for picking a severity as consistently as possible (what you have above is an okay start, but often won't lead to consistently picking a severity because of the overlap in the descriptions). As part of the RFC, it would be helpful if you pointed out how some of the coding standards we support calculate severities (if you can find the information) and how related tools like codechecker (etc) calculate severity to see if we can find a heuristic that works for us. If you don't have all of the answers in the RFC, that's fine -- the hope is to get the discussion going in the right directions, not to start off with a perfect solution.

In D71963#1800343 <https://reviews.llvm.org/D71963#1800343>, @sylvestre.ledru wrote:

> @aaron.ballman done in https://reviews.llvm.org/D72049
>
> By the way, when you say:
>
> > There are other models that exist and are maintained.
>
> > Other models are also pretty good.
>
> which lists do you have in mind?
> thanks


I know one reasonably well because I worked on the coding standard, which is CERT's way of calculating rule priorities based on several independent factors. More information can be found at: https://wiki.sei.cmu.edu/confluence/display/c/How+this+Coding+Standard+is+Organized#HowthisCodingStandardisOrganized-RiskAssessment but the heuristics are the same for the C++ coding standard as well. Also, it is common for static analysis tools to calculate severities for given check violations, so we may want to see if any of them document their heuristics.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D71963/new/

https://reviews.llvm.org/D71963
