[PATCH] D35068: [analyzer] Detect usages of unsafe I/O functions
Gábor Horváth via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Aug 8 01:30:17 PDT 2017
xazax.hun added a comment.
In https://reviews.llvm.org/D35068#811437, @NoQ wrote:
> It'd look good in clang-tidy (especially if extended to provide fixits), but if Daniel is interested in having this feature in the analyzer (and picked by clang-tidy from there), i wouldn't mind.
>
> I wonder how noisy this check is - did you test it on large codebases? Because these functions are popular, and in many cases it'd be fine to use insecure functions, i wonder if it's worth it to have this check on by default. Like, if it's relatively quiet - it's fine, but if it'd constitute 90% of the analyzer's warnings on popular projects, that'd probably not be fine.
This patch basically extends an already existing static analyzer check. Even if tidy might be a better fit, I wonder what is the right thing to do in this case. We either end up overlapping functionality with the analyzer and tidy or have to come up with a policy what to do in this such cases.
Repository:
rL LLVM
https://reviews.llvm.org/D35068
More information about the cfe-commits
mailing list