[cfe-dev] [RFC][clang-tidy] Register warnings as check aliases

Daniel Marjamäki via cfe-dev cfe-dev at lists.llvm.org
Mon Oct 3 03:16:34 PDT 2016


Hello!

>> However if I just run clang-tidy as a complement to get extra checks .. then I don't want that clang compiler warnings are enabled and renamed "behind my back". Do you think we can avoid that?

> What do you mean? In case somebody enables the CERT checks, I think she is likely to be interested in all CERT checks. And right now there, when a check is already covered by a warning it is not added to clang tidy. So in order to get the best coverage on needs to review all of the warnings and enable them explicitly. I think it is much more convenient to just enable the CERT checks and you are good to go. Can you think of a use case where this is unintended behaviour?

The file-based configuration that Aaron suggested will solve my doubts.

Best regards,
Daniel Marjamäki

..................................................................................................................
Daniel Marjamäki Senior Engineer
Evidente ES East AB  Warfvinges väg 34  SE-112 51 Stockholm  Sweden

Mobile:                 +46 (0)709 12 42 62
E-mail:                 Daniel.Marjamaki at evidente.se

www.evidente.se

________________________________________
Från: Gábor Horváth [xazax.hun at gmail.com]
Skickat: den 3 oktober 2016 10:43
Till: Daniel Marjamäki
Kopia: Clang Dev
Ämne: Re: [cfe-dev] [RFC][clang-tidy] Register warnings as check aliases

Hi!

On 29 September 2016 at 09:52, Daniel Marjamäki <Daniel.Marjamaki at evidente.se<mailto:Daniel.Marjamaki at evidente.se>> wrote:

Hello!

This sounds useful for those that wants to check CERT compliance.

However if I just run clang-tidy as a complement to get extra checks .. then I don't want that clang compiler warnings are enabled and renamed "behind my back". Do you think we can avoid that?

What do you mean? In case somebody enables the CERT checks, I think she is likely to be interested in all CERT checks. And right now there, when a check is already covered by a warning it is not added to clang tidy. So in order to get the best coverage on needs to review all of the warnings and enable them explicitly. I think it is much more convenient to just enable the CERT checks and you are good to go. Can you think of a use case where this is unintended behaviour?


Many static analyzer checkers has partial coverage of CERT rules also. For instance out-of-bounds, dereferencing null pointers, etc. I assume you would only alias checks that has full coverage?

Yes, I think it we should only add alias to checks with full coverage. However, it would be great to document partial coverage somewhere.

Regards,
Gábor


Imho it would be good to someday have MISRA, JSF, .. checks also. And I assume there is some overlap. so same warning could be aliased by both cert-* and misra-* etc.

Best regards,
Daniel Marjamäki

..................................................................................................................
Daniel Marjamäki Senior Engineer
Evidente ES East AB  Warfvinges väg 34  SE-112 51 Stockholm  Sweden

Mobile:                 +46 (0)709 12 42 62<tel:%2B46%20%280%29709%2012%2042%2062>
E-mail:                 Daniel.Marjamaki at evidente.se<mailto:Daniel.Marjamaki at evidente.se>

www.evidente.se<http://www.evidente.se>

________________________________________
Från: cfe-dev [cfe-dev-bounces at lists.llvm.org<mailto:cfe-dev-bounces at lists.llvm.org>] för Gábor Horváth via cfe-dev [cfe-dev at lists.llvm.org<mailto:cfe-dev at lists.llvm.org>]
Skickat: den 28 september 2016 09:44
Till: Clang Dev; Alexander Kornienko; Aaron Ballman
Ämne: [cfe-dev] [RFC][clang-tidy] Register warnings as check aliases

Hi!

I would like to propose that it should be possible to register compiler warnings as clang-tidy check aliases.

As a motivating example, there is a CERT C++ secure coding rule: ERR54-CPP [1]

This rule is covered by the clang warning: -Wexceptions

So turning on this check in clang tidy would have two effects: turning on -Wexceptions and display the result of -Wexceptions as ERR54-CPP hits.

In my opinion aliases like this would be a great usability improvement:
 - it would be easier to check the code against some coding guidelines.
 - it would be easier to check what rules are already covered.
 - it would be easier to find uncovered rules to implement.

What do you think? Would you support a feature like that?

Regards,
Gabor

[1]: https://www.securecoding.cert.org/confluence/display/cplusplus/ERR54-CPP.+Catch+handlers+should+order+their+parameter+types+from+most+derived+to+least+derived




More information about the cfe-dev mailing list