[PATCH] D36836: [clang-tidy] Implement sonarsource-function-cognitive-complexity check
Roman Lebedev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Sep 24 07:56:54 PDT 2020
lebedev.ri added a comment.
In D36836#2292541 <https://reviews.llvm.org/D36836#2292541>, @aaron.ballman wrote:
> In D36836#2289639 <https://reviews.llvm.org/D36836#2289639>, @lebedev.ri wrote:
>
>> Rebased.
>>
>> There is a number of official open-source LGPL-3 implementations already:
>>
>> - https://github.com/SonarSource/SonarTS/pull/378
>> - https://github.com/SonarSource/sonar-java/pull/1385
>> - https://github.com/SonarSource/SonarJS/pull/449
>> - https://github.com/SonarSource/sonar-php/pull/173
>>
>> There are other open-source LGPL-3 implementations already:
>>
>> - https://pypi.org/project/cognitive-complexity/ (MIT)
>> - https://github.com/rossmacarthur/complexity (APACHE/MIT)
>>
>> There are other 3rd party implementations:
>>
>> - https://docs.codeclimate.com/docs/cognitive-complexity
>>
>> Quite honestly, i do not understand how did the license question arose.
>
> It arose in a comment that I can't seem to get phab to show me the context for (which is a bit strange, I don't think I've run into that before): https://reviews.llvm.org/D36836#877636 Perhaps part of this was carrying discussion over from the IRC channel?
>
>> Would have it been fine if i based this on the open-source-licensed code?
>
> I believe that would require legal analysis to answer.
>
>> Would have it not been? Would same license question be raised?
>
> Likewise here (I suspect the answer would depend on what the license of the open source code is).
>
>> Somehow i don't think it would have been.
>
> I don't wish to speculate about legal licensing issues on the mailing lists.
>
>> Is this really just about `Copyright SonarSource S.A., 2018, Switzerland. All content is copyright protected.` in https://www.sonarsource.com/docs/CognitiveComplexity.pdf ?
>> But that is only about the document, not the algorithm.
>> But even if we enternain the idea that all of the implementations must bow to that license,
>> then surely this is not the first code in LLVM that is implicitly/explicitly based on copyrighted doc.
>>
>> This is rather frustrating.
>
> I am sorry and I agree that it's frustrating.
> As far as I know, this captures the current state of affairs: https://reviews.llvm.org/D36836#1031600
As far as I know, yes. Some further back&forth reiterated:
> @Roman so you know, none of the non-SonarSource implementations have an official license from us.
> We put the spec out in the world and we're happy when someone uses it. And that's all.
> I appreciate how frustrated you must be with your implementation caught between a proverbial rock and a hard place.
> Unfortunately, we (the company) just aren't willing to do the paperwork.
> (G. Ann Campbell)
F13053113: reply.eml <https://reviews.llvm.org/F13053113>
> and basically we're waiting for help from the foundation to clear the last hurdle.
Is foundation even aware of this controversy/situation?
https://reviews.llvm.org/D36836#1021863, which is the last response i got, was 2.5 years ago.
For all we/i know this has gone off their radar.
I understand that it is fully possible that they simply haven't gotten around to it,
but i think it would be important to check that it isn't the case of lost mail.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D36836/new/
https://reviews.llvm.org/D36836
More information about the cfe-commits
mailing list