[PATCH] D112916: Confusable identifiers detection

Aaron Ballman via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Fri Feb 11 06:36:44 PST 2022

aaron.ballman added reviewers: tahonermann, cor3ntin.
aaron.ballman added a comment.

Personally, I'm uncomfortable with this check because it's not really covering homoglyphs in general, it's covering homoglyphs outside of the usual Latin character set. For example, there's no attempt to catch other problematic homoglyph attack vectors like `1` vs `l` vs `I` or `O` vs `0`. The result is: this comes across feeling like it targets non-Latin character scripts as being dangerous but Latin character scripts are fine when that's not really accurate. That's not a path I feel comfortable walking down because it treats programmers differently depending on what their native language is (at least, as used within source code).

Adding some folks from the WG21 Unicode study group (SG16) as they may also have interesting input and advice.



More information about the cfe-commits mailing list