[cfg] Update labels file for updated checkers #4383
Conversation
Since the last release some ClangSA checkers were moved to different packages and some new checkers were introduced. This change updates the label configuration of CodeChecker to reflect this.
gamesh411
force-pushed
the
checker-label-update
branch
from
41555b3
to
09fb4bd
Compare
| @@ -643,6 +663,10 @@ | |||
| "profile:sensitive", | |||
| "severity:MEDIUM" | |||
| ], | |||
| "bugprone-tagged-union-member-count": [ | |||
There was a problem hiding this comment.
maybe could go into the default profile?
There was a problem hiding this comment.
IMO, it's not particularly easy to understand results, but it's not noisy either (6 results on codechecker,memcached,tmux,curl,twin,vim,openssl,sqlite,ffmpeg,postgres,tinyxml2,libwebm,xerces,bitcoin,protobuf,qtbase,openrct2,llvm-project).
There was a problem hiding this comment.
I think with the documentation it is understandable: https://clang.llvm.org/extra/clang-tidy/checks/bugprone/tagged-union-member-count.html
we could enable this by default I think.
| @@ -487,6 +503,10 @@ | |||
| "sei-cert:dcl51-cpp", | |||
| "severity:LOW" | |||
| ], | |||
| "bugprone-return-const-ref-from-parameter": [ | |||
| "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/bugprone/return-const-ref-from-parameter.html", | |||
| "severity:MEDIUM" | |||
There was a problem hiding this comment.
60 reports, I would consider this moderately noisy.
| @@ -788,6 +812,13 @@ | |||
| "profile:sensitive", | |||
| "severity:MEDIUM" | |||
| ], | |||
| "cert-arr39-c": [ | |||
There was a problem hiding this comment.
this checker is an alias of the bugprone-sizeof-expression.
To avoid duplicate findings, we just add the main checker to the profiles and the guidelines. So please move these to the bugprone-sizeof-expression.
"guideline:sei-cert",
"profile:security",
"sei-cert:arr39-c",
There was a problem hiding this comment.
moving there, this and the bugprone-sizeof-expression is also quite noisy
| @@ -796,6 +827,13 @@ | |||
| "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/con54-cpp.html", | |||
| "severity:MEDIUM" | |||
| ], | |||
| "cert-ctr56-cpp": [ | |||
| "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/ctr56-cpp.html", | |||
There was a problem hiding this comment.
this is just an alias checker please move teh guideline and sei-cert profile correspondence to
checker
bugprone-pointer-arithmetic-on-polymorphic-object
config/labels/analyzers/clangsa.json
Outdated
| @@ -278,7 +273,7 @@ | |||
| "profile:sensitive", | |||
| "severity:HIGH" | |||
| ], | |||
| "alpha.unix.SimpleStream": [ | |||
| "unix.SimpleStream": [ | |||
There was a problem hiding this comment.
maybe to profile:default depending how noisy it is
gamesh411
force-pushed
the
checker-label-update
branch
from
7c0ba25
to
28504b8
Compare
gamesh411
force-pushed
the
checker-label-update
branch
from
28504b8
to
1c93f14
Compare
|
I have checked the reports for clangsa and tidy, and this is what I came up with. |
There was a problem hiding this comment.
Please add back the severity and link documentation of
- cert-arr39-c
- cert-ctr56-cpp
checkers, but don't assign them to profiles.
I am hesitant about adding bugprone-return-const-ref-from-parameter and bugprone-pointer-arithmetic-on-polymorphic-object to the default profile.
| @@ -466,6 +486,14 @@ | |||
| "profile:sensitive", | |||
| "severity:MEDIUM" | |||
| ], | |||
| "bugprone-pointer-arithmetic-on-polymorphic-object": [ | |||
There was a problem hiding this comment.
would this one be too noisy in the default profile? I saw 155 reports in the QT project...
| @@ -643,6 +663,10 @@ | |||
| "profile:sensitive", | |||
| "severity:MEDIUM" | |||
| ], | |||
| "bugprone-tagged-union-member-count": [ | |||
There was a problem hiding this comment.
I think with the documentation it is understandable: https://clang.llvm.org/extra/clang-tidy/checks/bugprone/tagged-union-member-count.html
we could enable this by default I think.
Since the last release some ClangSA checkers were moved to different packages and some new checkers were introduced. This change updates the label configuration of CodeChecker to reflect this.
I just eyeballed the severities and the profiles, so it's open for suggestions.
Notes:
alpha.security.taint.TaintPropagation does not have a documentation link, so I just put the GenericTaintChecker link as doc-url. Alternatively, we could use doc entry: https://clang.llvm.org/docs/analyzer/user-docs/TaintAnalysisConfiguration.html
With this patch, all the taint-related checkers share the same severity and profiles as the now-removed alpha.security.taint.TaintPropagation.
I put BlockInCriticalSection in the default profile, as I have deemed it not too noisy, and the results were meaningful IMO.