<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On 30 September 2016 at 16:14, Aaron Ballman <span dir="ltr"><<a href="mailto:aaron@aaronballman.com" target="_blank">aaron@aaronballman.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-">On Wed, Sep 28, 2016 at 3:44 AM, Gábor Horváth <<a href="mailto:xazax.hun@gmail.com">xazax.hun@gmail.com</a>> wrote:<br>
> Hi!<br>
><br>
> I would like to propose that it should be possible to register compiler<br>
> warnings as clang-tidy check aliases.<br>
<br>
</span>I think this is an excellent idea!<br>
<span class="gmail-"><br>
> As a motivating example, there is a CERT C++ secure coding rule: ERR54-CPP<br>
> [1]<br>
><br>
> This rule is covered by the clang warning: -Wexceptions<br>
><br>
> So turning on this check in clang tidy would have two effects: turning on<br>
> -Wexceptions and displaying the result of -Wexceptions as ERR54-CPP hits.<br>
<br>
</span>How do you envision the diagnostics being reported? For instance,<br>
would it be [cert-err54-cpp, -Wexceptions], [cert-err54-cpp], or<br>
[-Wexceptions]?<br></blockquote><div><br></div><div>I think it should be either [cert-err54-cpp, -Wexceptions] or [cert-err54-cpp]. In the warning it should be clear that there is a CERT violation.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Also, do you envision this overriding a flag if it's disabled? e.g.,<br>
would this diagnose, or silence the diagnostic?<br>
<br>
clang-tidy E:\SomeFile.cpp -checks=-*,cert-err54-cpp -- -std=c++14<br>
-Wno-exceptions<br></blockquote><div><br></div><div>I would expect the tidy flags to be "stronger" and overwrite the compilation flags. The compilation flags most of the time reflect the requirements of the builds and not the requirements of the additional static analysis. What do you think?<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="gmail-"><br>
> In my opinion aliases like this would be a great usability improvement:<br>
> - it would be easier to check the code against some coding guidelines.<br>
> - it would be easier to check what rules are already covered.<br>
> - it would be easier to find uncovered rules to implement.<br>
><br>
> What do you think? Would you support a feature like that?<br>
<br>
</span>I would love to see a feature like this, especially if it's something<br>
users can configure themselves with some sort of file-based<br>
configuration. This degree of flexibility would allow us to more<br>
easily maintain common rulesets like CERT, MISRA, JSF++, C++ Core<br>
Guidelines, etc while still giving users the ability to support custom<br>
rulesets without modifying the Clang source.<br></blockquote><div><br></div><div>Do you mean registering an alias using a configuration file?<br><br></div><div>Regards,<br></div><div>Gábor<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="gmail-HOEnZb"><font color="#888888"><br>
~Aaron<br>
</font></span><div class="gmail-HOEnZb"><div class="gmail-h5"><br>
><br>
> Regards,<br>
> Gabor<br>
><br>
> [1]:<br>
> <a href="https://www.securecoding.cert.org/confluence/display/cplusplus/ERR54-CPP.+Catch+handlers+should+order+their+parameter+types+from+most+derived+to+least+derived" rel="noreferrer" target="_blank">https://www.securecoding.cert.<wbr>org/confluence/display/<wbr>cplusplus/ERR54-CPP.+Catch+<wbr>handlers+should+order+their+<wbr>parameter+types+from+most+<wbr>derived+to+least+derived</a><br>
</div></div></blockquote></div><br></div></div>