vsavchenko added a comment. In D92039#2462889 <https://reviews.llvm.org/D92039#2462889>, @aaron.ballman wrote:
> Your test cases suggest that this is not inter-procedurally checked; it seems > to require all of the APIs to be annotated in order to get the same effect > that an inter-procedural check could determine on its own. I mean, of course, it doesn't have real inter-procedural analysis. But if everything is annotated or conventional - it is identical to inter-procedural case (like in tests with `indirect` in their names). > I'm not worried about the leniency and I'm sorry if it sounds like I'm > implying that it has to be inter-procedural to land -- that's not the case. > What I am worried about is that the way the user runs the frontend is very > different than the way the user runs the static analyzer, and migrating the > warning from the FE to the static analyzer could leave us with problems. If > the intention is that this check will live in the FE as-is (not getting > inter-procedural support), then that's fine. But if the intention is to > extend the check in the future in a way that might need it to move out of the > FE and into the CSA, then I think the check should live in the CSA from the > start (even if it doesn't do inter-procedural analysis). It's not clear to me > whether "in the first version" implies that you expect a subsequent version > to live in the CSA or not. No, we don't plan on moving it to the CSA. As I mentioned above, for hardening we can simply warn if `called_once` parameters leak into functions we don't know about (not annotated or not following conventions). Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D92039/new/ https://reviews.llvm.org/D92039 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits