[cfe-dev] [RFC][clang-tidy] Register warnings as check aliases

Gábor Horváth via cfe-dev cfe-dev at lists.llvm.org
Mon Oct 3 01:47:23 PDT 2016 

On 30 September 2016 at 16:14, Aaron Ballman <aaron at aaronballman.com> wrote:

> On Wed, Sep 28, 2016 at 3:44 AM, Gábor Horváth <xazax.hun at gmail.com>
> wrote:
> > Hi!
> >
> > I would like to propose that it should be possible to register compiler
> > warnings as clang-tidy check aliases.
>
> I think this is an excellent idea!
>
> > As a motivating example, there is a CERT C++ secure coding rule:
> ERR54-CPP
> > [1]
> >
> > This rule is covered by the clang warning: -Wexceptions
> >
> > So turning on this check in clang tidy would have two effects: turning on
> > -Wexceptions and display the result of -Wexceptions as ERR54-CPP hits.
>
> How do you envision the diagnostics being reported? For instance,
> would it be [cert-err54-cpp, -Wexceptions], [cert-err54-cpp], or
> [-Wexceptions]?
>

I think it should be either [cert-err54-cpp, -Wexceptions] or
[cert-err54-cpp]. In the warning it should be clear that there is a CERT
violation.


>
> Also, do you envision this overriding a flag if it's disabled? e.g.,
> would this diagnose, or silence the diagnostic?
>
> clang-tidy E:\SomeFile.cpp -checks=-*,cert-err54-cpp -- -std=c++14
> -Wno-exceptions
>

I would except the tidy flags to be "stronger" and overwrite the
compilation flags. The compilations flags most of the time reflect the
requirements of the builds and not the requirements of the additional
static analysis. What do you think?


>
> > In my opinion aliases like this would be a great usability improvement:
> >  - it would be easier to check the code against some coding guidelines.
> >  - it would be easier to check what rules are already covered.
> >  - it would be easier to find uncovered rules to implement.
> >
> > What do you think? Would you support a feature like that?
>
> I would love to see a feature like this, especially if it's something
> users can configure themselves with some sort of file-based
> configuration. This degree of flexibility would allow us to more
> easily maintain common rulesets like CERT, MISRA, JSF++, C++ Core
> Guidelines, etc while still giving users the ability to support custom
> rulesets without modifying the Clang source.
>

Do you mean registering an alias using a configuration file?

Regards,
Gábor


>
> ~Aaron
>
> >
> > Regards,
> > Gabor
> >
> > [1]:
> > https://www.securecoding.cert.org/confluence/display/
> cplusplus/ERR54-CPP.+Catch+handlers+should+order+their+
> parameter+types+from+most+derived+to+least+derived
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20161003/5b9cf714/attachment.html>

More information about the cfe-dev mailing list