Re: [PATCH] D22346: [Clang-tidy] CERT-MSC50-CPP (std:rand() )
falho marked 5 inline comments as done.

Comment at: clang-tidy/cert/LimitedRandomnessCheck.cpp:22-23 @@ +21,4 @@ + Finder->addMatcher( + declRefExpr(hasDeclaration(functionDecl(namedDecl(hasName("::rand")), + parameterCountIs(0 + .bind("randomGenerator"),

xazax.hun wrote:
> aaron.ballman wrote:
> > xazax.hun wrote:
> > > aaron.ballman wrote:
> > > > xazax.hun wrote:
> > > > > aaron.ballman wrote:
> > > > > > Prazek wrote:
> > > > > > > aaron.ballman wrote:
> > > > > > > > Prazek wrote:
> > > > > > > > > aaron.ballman wrote:
> > > > > > > > > > This should be looking at a callExpr() rather than a
> > > > > > > > > > declRefExpr(), should it not?
> > > > > > > > > I was also thinking about this, but this is actually better,
> > > > > > > > > because it will also match with binding rand with function
> > > > > > > > > pointer.
> > > > > > > > True, but a DeclRefExpr doesn't mean it's a function call.
> > > > > > > > Binding the function is not contrary to the CERT rule, just
> > > > > > > > calling it. For instance, the following pathological case will
> > > > > > > > be caught by this check:
> > > > > > > > ```
> > > > > > > > if (std::rand) {}
> > > > > > > > ```
> > > > > > > > The behavior of this check should be consistent with
> > > > > > > > cert-env33-c, which only looks at calls. (If we really care
> > > > > > > > about bound functions, we'd need flow control analysis, and I
> > > > > > > > think that's overkill for both of those checks, but wouldn't be
> > > > > > > > opposed to someone writing the flow analysis if they really
> > > > > > > > wanted to.)
> > > > > > > It would indeed fire on this pathological case, but I don't think
> > > > > > > we should care about cases like this, because no one is writing
> > > > > > > code like this (and if he would then it would probably be a bug).
> > > > > > > I don't think that there is much code that binds pointer to
> > > > > > > std::rand either, but I think it would be good to display warning
> > > > > > > for this, because even if the function would be never called,
> > > > > > > then it means that this is a bug, and if it would be called then
> > > > > > > it would be nice to tell user that rand might be used here.
> > > > > > >
> > > > > > > Anyway I don't oppose for changing it to callExpr, but I think it
> > > > > > > is better this way.
> > > > > > > It would indeed fire on this pathological case, but I don't think
> > > > > > > we should care about cases like this, because no one is writing
> > > > > > > code like this (and if he would then it would probably be a bug).
> > > > > >
> > > > > > It would be a known false-positive for a check designed to conform
> > > > > > to a particular coding standard. When deviations have come up in
> > > > > > the past for various coding standards, we've added an option to
> > > > > > enable the additional functionality, which I don't think would be
> > > > > > reasonable in this case. Alternatively, the CERT guideline could be
> > > > > > modified, but that is unlikely to occur because binding the
> > > > > > function pointer is not a security concern (only calling the
> > > > > > function).
> > > > > In case you let binding to function pointer you introduce potential
> > > > > false negatives which is worse in this case in my opinion.
> > > > Basically: this half-measure is sufficient for the CERT coding rule,
> > > > but isn't ideal. The ideal check isn't likely to uncover many more
> > > > cases than the half-measure, which is why it was not implemented in the
> > > > past. If someone wants to implement the whole-measure, that's great!
> > > > But implementing a half, half-measure that isn't consistent with other,
> > > > similar checks is the wrong thing to do.
> > > You can not implement an ideal checker. In general, it is undecidable
> > > whether std::rand is called or not. (You can easily create an example
> > > where you would need to solve the halting problem in order to decide
> > > whether std::rand is called.)
> > >
> > > Since the ideal checker is infeasible the question is whether you are OK
> > > with false positives or false negatives. The approach you are suggesting
> > > results in false negatives. The current approach results in false
> > > positives. I think, for this security checker, a false positive is much
> > > less serious to have than a false negative. Moreover, I doubt that people
> > > write code where such false positives are intended and the code should
> > > not be changed. But in case you can think of an example, please let us
> > > know.
> > > You can not implement an ideal checker. In general, it is undecidable
> > > whether std::rand is called or not. (You can easily create an example
> > > where you would need to solve the halting problem in order to decide
> > > whether std::rand is called.)
> >
> > I said "ideal", not "perfe
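The three ways of naming `rand` that this thread argues over, as an added example constructed here (it is not part of the patch or of clang-tidy's tests). The matcher behaviour noted in the comments is as the participants describe it, and `direct_call`, `indirect_call`, `reference_only` and `sequence` are hypothetical names.

```cpp
// Added example, constructed for illustration; not code from the patch.
#include <cstdlib>
#include <vector>

// Form 1: direct call. A declRefExpr-based and a callExpr-based matcher
// both report this line.
int direct_call() { return std::rand(); }

// Form 2: rand is bound to a pointer and called through it. The only
// expression that names rand is the initializer, so a matcher keyed on
// calls to ::rand has nothing to report at `gen()` (the false negative
// raised in the thread), while a declRefExpr-based matcher reports the
// binding.
int indirect_call() {
  int (*gen)() = std::rand;
  return gen();
}

// Form 3: the "pathological case" quoted in the thread. rand is named but
// never called; a declRefExpr-based matcher still reports it (the false
// positive).
bool reference_only() {
  if (std::rand) {
    return true;
  }
  return false;
}

// Hypothetical helper: reseed, then draw n values either directly or
// through the bound pointer.
std::vector<int> sequence(unsigned seed, int n, bool through_pointer) {
  std::srand(seed);
  std::vector<int> out;
  for (int i = 0; i < n; ++i) {
    out.push_back(through_pointer ? indirect_call() : direct_call());
  }
  return out;
}

int main() {
  // Same seed, same values: the call through the pointer reaches the same
  // generator as the direct call, and the output is fixed by the seed.
  const bool same = sequence(42u, 5, false) == sequence(42u, 5, true);
  return (same && reference_only()) ? 0 : 1;
}
```

Compilers usually warn that the condition in `reference_only` is always true, which fits the thread's remark that such code is probably a bug in its own right.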
Re: [PATCH] D23421: [Clang-tidy] CERT-MSC53-CPP (checker for std namespace modification)
Unfortunately I won't have time now to work on this check... Thank you for understanding!

On Mon, Feb 6, 2017 at 3:44 PM, Gábor Horváth via Phabricator <revi...@reviews.llvm.org> wrote:

> xazax.hun added a comment.
>
> Benedek, do you have time to address the review comments or do you want me
> to commandeer this revision?
>
> Repository:
>   rL LLVM
>
> https://reviews.llvm.org/D23421

___
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
[PATCH] D22346: [Clang-tidy] CERT-MSC50-CPP (std:rand() )
falho removed rL LLVM as the repository for this revision. falho updated this revision to Diff 74908. falho added a comment. Herald added subscribers: modocache, mgorny, beanz. updated diff according to first reviews https://reviews.llvm.org/D22346 Files: clang-tidy/cert/.LimitedRandomnessCheck.cpp.swo clang-tidy/cert/CERTTidyModule.cpp clang-tidy/cert/CMakeLists.txt clang-tidy/cert/LimitedRandomnessCheck.cpp clang-tidy/cert/LimitedRandomnessCheck.h docs/clang-tidy/checks/cert-msc50-cpp.rst docs/clang-tidy/checks/list.rst test/clang-tidy/cert-limited-randomness.c test/clang-tidy/cert-limited-randomness.cpp Index: test/clang-tidy/cert-limited-randomness.cpp === --- /dev/null +++ test/clang-tidy/cert-limited-randomness.cpp @@ -0,0 +1,28 @@ +// RUN: %check_clang_tidy %s cert-msc50-cpp %t + +int rand(); +int rand(int); + +namespace std { +using ::rand; +} + +namespace nonstd { + int rand(); +} + +void testFunction1() { + int i = std::rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:16: warning: rand() function has limited randomness, use C++11 random library instead [cert-msc50-cpp] + + int j = ::rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:13: warning: rand() function has limited randomness, use C++11 random library instead [cert-msc50-cpp] + + int k = rand(i); + + int l = nonstd::rand(); + + int m = rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() function has limited randomness, use C++11 random library instead [cert-msc50-cpp] +} + Index: test/clang-tidy/cert-limited-randomness.c === --- /dev/null +++ test/clang-tidy/cert-limited-randomness.c @@ -0,0 +1,13 @@ +// RUN: %check_clang_tidy %s cert-msc30-c %t + +extern int rand(void); +int nonrand(); + +int cTest() { + int i = rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() function has limited randomness; [cert-msc30-c] + + int k = nonrand(); + + return 0; +} Index: docs/clang-tidy/checks/list.rst === --- docs/clang-tidy/checks/list.rst +++ docs/clang-tidy/checks/list.rst 
@@ -17,6 +17,8 @@ cert-err61-cpp (redirects to misc-throw-by-value-catch-by-reference) cert-fio38-c (redirects to misc-non-copyable-objects) cert-flp30-c + cert-msc50-c (redirects to cert-limited-randomness) + cert-msc50-cpp cert-oop11-cpp (redirects to misc-move-constructor-init) cppcoreguidelines-interfaces-global-init cppcoreguidelines-pro-bounds-array-to-pointer-decay Index: docs/clang-tidy/checks/cert-msc50-cpp.rst === --- /dev/null +++ docs/clang-tidy/checks/cert-msc50-cpp.rst @@ -0,0 +1,6 @@ +.. title:: clang-tidy - cert-msc50-cpp + +cert-msc-50 +=== + +Pseudorandom number generators use mathematical algorithms to produce a sequence of numbers with good statistical properties, but the numbers produced are not genuinely random. The ``std::rand()`` function takes a seed (number), runs a mathematical operation on it and returns the result. By manipulating the seed the result can be predictible. This check warns for the usage of ``std::rand()``. Index: clang-tidy/cert/LimitedRandomnessCheck.h === --- /dev/null +++ clang-tidy/cert/LimitedRandomnessCheck.h 
@@ -0,0 +1,38 @@ +//===--- LimitedRandomnessCheck.h - clang-tidy---*- C++ -*-===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===--===// + +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H + +#include "../ClangTidy.h" + +namespace clang { +namespace tidy { +namespace cert { + +/// Pseudorandom number generators are not genuinely random. The result of the +/// std::rand() function makes no guarantees as to the quality of the random +/// sequence produced. +/// This check warns for the usage of std::rand() function. +/// +/// For the user-facing documentation see: +/// http://clang.llvm.org/extra/clang-tidy/checks/cert-msc50-cpp.html +class LimitedRandomnessCheck : public ClangTidyCheck { +public: + LimitedRandomnessCheck(StringRef Name, ClangTidyContext *Context) + : ClangTidyCheck(Name, Context) {} + void registerMatchers(ast_matchers::MatchFinder *Finder) override; + void check(const ast_matchers::MatchFinder::MatchResult &Result) override; +}; + +} // namespace cert +} // namespace tidy +} // namespace clang + +#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H Index: clang-tidy/cert/LimitedRandomnessCheck.cpp === --- /dev/null +++
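Review bot: The alias added in the docs/clang-tidy/checks/list.rst hunk is named `cert-msc50-c`, but the C test in this same diff runs the check as `cert-msc30-c`, so the documented name does not match what the tests exercise. Rename the entry to the name the module registers, and point the redirect at `cert-msc50-cpp`, which is the page this diff adds; no `cert-limited-randomness` page appears in the file list.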
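Review bot: The heading in the new docs/clang-tidy/checks/cert-msc50-cpp.rst reads `cert-msc-50`, while the title directive above it and the diagnostics in the tests use `cert-msc50-cpp`; the heading should be the check name so the page can be found by it. In the paragraph below the heading, "predictible" should be "predictable".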
[PATCH] D22346: [Clang-tidy] CERT-MSC50-CPP (std:rand() )
falho updated this revision to Diff 75460. falho added a comment. changes according to 2nd review https://reviews.llvm.org/D22346 Files: clang-tidy/cert/.LimitedRandomnessCheck.cpp.swo clang-tidy/cert/CERTTidyModule.cpp clang-tidy/cert/CMakeLists.txt clang-tidy/cert/LimitedRandomnessCheck.cpp clang-tidy/cert/LimitedRandomnessCheck.h docs/clang-tidy/checks/cert-msc30-c.rst docs/clang-tidy/checks/cert-msc50-cpp.rst docs/clang-tidy/checks/list.rst test/clang-tidy/cert-limited-randomness.c test/clang-tidy/cert-limited-randomness.cpp Index: test/clang-tidy/cert-limited-randomness.cpp === --- /dev/null +++ test/clang-tidy/cert-limited-randomness.cpp @@ -0,0 +1,28 @@ +// RUN: %check_clang_tidy %s cert-msc50-cpp %t + +int rand(); +int rand(int); + +namespace std { +using ::rand; +} + +namespace nonstd { + int rand(); +} + +void testFunction1() { + int i = std::rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness, use C++11 random library instead [cert-msc50-cpp] + + int j = ::rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness, use C++11 random library instead [cert-msc50-cpp] + + int k = rand(i); + + int l = nonstd::rand(); + + int m = rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness, use C++11 random library instead [cert-msc50-cpp] +} + Index: test/clang-tidy/cert-limited-randomness.c === --- /dev/null +++ test/clang-tidy/cert-limited-randomness.c @@ -0,0 +1,13 @@ +// RUN: %check_clang_tidy %s cert-msc30-c %t + +extern int rand(void); +int nonrand(); + +int cTest() { + int i = rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness; [cert-msc30-c] + + int k = nonrand(); + + return 0; +} Index: docs/clang-tidy/checks/list.rst === --- docs/clang-tidy/checks/list.rst +++ docs/clang-tidy/checks/list.rst 
@@ -18,6 +18,8 @@ cert-err61-cpp (redirects to misc-throw-by-value-catch-by-reference) cert-fio38-c (redirects to misc-non-copyable-objects) cert-flp30-c + cert-msc30-c (redirects to cert-limited-randomness) + cert-msc50-cpp cert-oop11-cpp (redirects to misc-move-constructor-init) cppcoreguidelines-interfaces-global-init cppcoreguidelines-pro-bounds-array-to-pointer-decay Index: docs/clang-tidy/checks/cert-msc50-cpp.rst === --- /dev/null +++ docs/clang-tidy/checks/cert-msc50-cpp.rst @@ -0,0 +1,6 @@ +.. title:: clang-tidy - cert-msc50-cpp + +cert-msc50-cpp +== + +Pseudorandom number generators use mathematical algorithms to produce a sequence of numbers with good statistical properties, but the numbers produced are not genuinely random. The ``std::rand()`` function takes a seed (number), runs a mathematical operation on it and returns the result. By manipulating the seed the result can be predictible. This check warns for the usage of ``std::rand()``. Index: docs/clang-tidy/checks/cert-msc30-c.rst === --- /dev/null +++ docs/clang-tidy/checks/cert-msc30-c.rst @@ -0,0 +1,7 @@ +.. title:: clang-tidy - cert-msc30-c + +cert-msc30-c + + +The cert-msc30-c check is an alias, please see +`cert-msc50-cpp `_ for more information. Index: clang-tidy/cert/LimitedRandomnessCheck.h === --- /dev/null +++ clang-tidy/cert/LimitedRandomnessCheck.h 
@@ -0,0 +1,38 @@ +//===--- LimitedRandomnessCheck.h - clang-tidy---*- C++ -*-===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===--===// + +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H + +#include "../ClangTidy.h" + +namespace clang { +namespace tidy { +namespace cert { + +/// Pseudorandom number generators are not genuinely random. The result of the +/// std::rand() function makes no guarantees as to the quality of the random +/// sequence produced. +/// This check warns for the usage of std::rand() function. +/// +/// For the user-facing documentation see: +/// http://clang.llvm.org/extra/clang-tidy/checks/cert-msc50-cpp.html +class LimitedRandomnessCheck : public ClangTidyCheck { +public: + LimitedRandomnessCheck(StringRef Name, ClangTidyContext *Context) + : ClangTidyCheck(Name, Context) {} + void registerMatchers(ast_matchers::MatchFinder *Finder) override; + void check(const ast_matchers::MatchFinder::MatchResult &Result) override; +}; + +} // namespace cert +} // name
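Review bot: The expected C diagnostic in test/clang-tidy/cert-limited-randomness.c ends in a dangling semicolon, `rand() has limited randomness; [cert-msc30-c]`, which means the check emits the separator even when no recommendation follows it. Emit the `;` only together with the C++ suggestion, so that the C message reads `rand() has limited randomness`.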
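Review bot: The file list of this revision still contains `clang-tidy/cert/.LimitedRandomnessCheck.cpp.swo`, an editor swap file that should not be part of the change. Drop it from the diff before this lands.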
[PATCH] D22346: [Clang-tidy] CERT-MSC50-CPP (std:rand() )
falho updated this revision to Diff 75935. falho marked an inline comment as done. falho added a comment. removed semicolon, and replaced it with a comma that only appears in .cpp diagnostics test cases corrected according to this removed junk .swo file https://reviews.llvm.org/D22346 Files: clang-tidy/cert/CERTTidyModule.cpp clang-tidy/cert/CMakeLists.txt clang-tidy/cert/LimitedRandomnessCheck.cpp clang-tidy/cert/LimitedRandomnessCheck.h docs/clang-tidy/checks/cert-msc30-c.rst docs/clang-tidy/checks/cert-msc50-cpp.rst docs/clang-tidy/checks/list.rst test/clang-tidy/cert-limited-randomness.c test/clang-tidy/cert-limited-randomness.cpp Index: test/clang-tidy/cert-limited-randomness.cpp === --- /dev/null +++ test/clang-tidy/cert-limited-randomness.cpp @@ -0,0 +1,28 @@ +// RUN: %check_clang_tidy %s cert-msc50-cpp %t + +int rand(); +int rand(int); + +namespace std { +using ::rand; +} + +namespace nonstd { + int rand(); +} + +void testFunction1() { + int i = std::rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness, use C++11 random library instead [cert-msc50-cpp] + + int j = ::rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness, use C++11 random library instead [cert-msc50-cpp] + + int k = rand(i); + + int l = nonstd::rand(); + + int m = rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness, use C++11 random library instead [cert-msc50-cpp] +} + Index: test/clang-tidy/cert-limited-randomness.c === --- /dev/null +++ test/clang-tidy/cert-limited-randomness.c @@ -0,0 +1,13 @@ +// RUN: %check_clang_tidy %s cert-msc30-c %t + +extern int rand(void); +int nonrand(); + +int cTest() { + int i = rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness [cert-msc30-c] + + int k = nonrand(); + + return 0; +} Index: docs/clang-tidy/checks/list.rst === --- docs/clang-tidy/checks/list.rst +++ docs/clang-tidy/checks/list.rst 
@@ -18,6 +18,8 @@ cert-err61-cpp (redirects to misc-throw-by-value-catch-by-reference) cert-fio38-c (redirects to misc-non-copyable-objects) cert-flp30-c + cert-msc30-c (redirects to cert-limited-randomness) + cert-msc50-cpp cert-oop11-cpp (redirects to misc-move-constructor-init) cppcoreguidelines-interfaces-global-init cppcoreguidelines-pro-bounds-array-to-pointer-decay Index: docs/clang-tidy/checks/cert-msc50-cpp.rst === --- /dev/null +++ docs/clang-tidy/checks/cert-msc50-cpp.rst @@ -0,0 +1,6 @@ +.. title:: clang-tidy - cert-msc50-cpp + +cert-msc50-cpp +== + +Pseudorandom number generators use mathematical algorithms to produce a sequence of numbers with good statistical properties, but the numbers produced are not genuinely random. The ``std::rand()`` function takes a seed (number), runs a mathematical operation on it and returns the result. By manipulating the seed the result can be predictible. This check warns for the usage of ``std::rand()``. Index: docs/clang-tidy/checks/cert-msc30-c.rst === --- /dev/null +++ docs/clang-tidy/checks/cert-msc30-c.rst @@ -0,0 +1,7 @@ +.. title:: clang-tidy - cert-msc30-c + +cert-msc30-c + + +The cert-msc30-c check is an alias, please see +`cert-msc50-cpp `_ for more information. Index: clang-tidy/cert/LimitedRandomnessCheck.h === --- /dev/null +++ clang-tidy/cert/LimitedRandomnessCheck.h 
@@ -0,0 +1,38 @@ +//===--- LimitedRandomnessCheck.h - clang-tidy---*- C++ -*-===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===--===// + +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H + +#include "../ClangTidy.h" + +namespace clang { +namespace tidy { +namespace cert { + +/// Pseudorandom number generators are not genuinely random. The result of the +/// std::rand() function makes no guarantees as to the quality of the random +/// sequence produced. +/// This check warns for the usage of std::rand() function. +/// +/// For the user-facing documentation see: +/// http://clang.llvm.org/extra/clang-tidy/checks/cert-msc50-cpp.html +class LimitedRandomnessCheck : public ClangTidyCheck { +public: + LimitedRandomnessCheck(StringRef Name, ClangTidyContext *Context) + : ClangTidyCheck(Name, Context) {} + void registerMatchers(ast_matchers::MatchFinder *Finder) override; + void
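Review bot: test/clang-tidy/cert-limited-randomness.cpp only exercises direct calls (`std::rand()`, `::rand()`, `rand()`) plus the two negative cases `rand(i)` and `nonstd::rand()`, so nothing pins down what the check does when `rand` is named without being called. Since that was the main point of the review discussion, add a case that binds `rand` to a function pointer and one like `if (std::rand) {}`, each with or without a CHECK-MESSAGES line according to the behaviour that was agreed.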
[PATCH] D22346: [Clang-tidy] CERT-MSC50-CPP (std:rand() )
falho updated this revision to Diff 76072. falho marked an inline comment as done. falho added a comment. in cpp diagnostics message: comma changed back to semicolon, + curly braces removed testfiles corrected accordingly https://reviews.llvm.org/D22346 Files: clang-tidy/cert/CERTTidyModule.cpp clang-tidy/cert/CMakeLists.txt clang-tidy/cert/LimitedRandomnessCheck.cpp clang-tidy/cert/LimitedRandomnessCheck.h docs/clang-tidy/checks/cert-msc30-c.rst docs/clang-tidy/checks/cert-msc50-cpp.rst docs/clang-tidy/checks/list.rst test/clang-tidy/cert-limited-randomness.c test/clang-tidy/cert-limited-randomness.cpp Index: test/clang-tidy/cert-limited-randomness.cpp === --- /dev/null +++ test/clang-tidy/cert-limited-randomness.cpp @@ -0,0 +1,28 @@ +// RUN: %check_clang_tidy %s cert-msc50-cpp %t + +int rand(); +int rand(int); + +namespace std { +using ::rand; +} + +namespace nonstd { + int rand(); +} + +void testFunction1() { + int i = std::rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness; use C++11 random library instead [cert-msc50-cpp] + + int j = ::rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness; use C++11 random library instead [cert-msc50-cpp] + + int k = rand(i); + + int l = nonstd::rand(); + + int m = rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness; use C++11 random library instead [cert-msc50-cpp] +} + Index: test/clang-tidy/cert-limited-randomness.c === --- /dev/null +++ test/clang-tidy/cert-limited-randomness.c @@ -0,0 +1,13 @@ +// RUN: %check_clang_tidy %s cert-msc30-c %t + +extern int rand(void); +int nonrand(); + +int cTest() { + int i = rand(); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness [cert-msc30-c] + + int k = nonrand(); + + return 0; +} Index: docs/clang-tidy/checks/list.rst === --- docs/clang-tidy/checks/list.rst +++ docs/clang-tidy/checks/list.rst 
@@ -18,6 +18,8 @@ cert-err61-cpp (redirects to misc-throw-by-value-catch-by-reference) cert-fio38-c (redirects to misc-non-copyable-objects) cert-flp30-c + cert-msc30-c (redirects to cert-limited-randomness) + cert-msc50-cpp cert-oop11-cpp (redirects to misc-move-constructor-init) cppcoreguidelines-interfaces-global-init cppcoreguidelines-pro-bounds-array-to-pointer-decay Index: docs/clang-tidy/checks/cert-msc50-cpp.rst === --- /dev/null +++ docs/clang-tidy/checks/cert-msc50-cpp.rst @@ -0,0 +1,6 @@ +.. title:: clang-tidy - cert-msc50-cpp + +cert-msc50-cpp +== + +Pseudorandom number generators use mathematical algorithms to produce a sequence of numbers with good statistical properties, but the numbers produced are not genuinely random. The ``std::rand()`` function takes a seed (number), runs a mathematical operation on it and returns the result. By manipulating the seed the result can be predictible. This check warns for the usage of ``std::rand()``. Index: docs/clang-tidy/checks/cert-msc30-c.rst === --- /dev/null +++ docs/clang-tidy/checks/cert-msc30-c.rst @@ -0,0 +1,7 @@ +.. title:: clang-tidy - cert-msc30-c + +cert-msc30-c + + +The cert-msc30-c check is an alias, please see +`cert-msc50-cpp `_ for more information. Index: clang-tidy/cert/LimitedRandomnessCheck.h === --- /dev/null +++ clang-tidy/cert/LimitedRandomnessCheck.h 
@@ -0,0 +1,38 @@ +//===--- LimitedRandomnessCheck.h - clang-tidy---*- C++ -*-===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===--===// + +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H + +#include "../ClangTidy.h" + +namespace clang { +namespace tidy { +namespace cert { + +/// Pseudorandom number generators are not genuinely random. The result of the +/// std::rand() function makes no guarantees as to the quality of the random +/// sequence produced. +/// This check warns for the usage of std::rand() function. +/// +/// For the user-facing documentation see: +/// http://clang.llvm.org/extra/clang-tidy/checks/cert-msc50-cpp.html +class LimitedRandomnessCheck : public ClangTidyCheck { +public: + LimitedRandomnessCheck(StringRef Name, ClangTidyContext *Context) + : ClangTidyCheck(Name, Context) {} + void registerMatchers(ast_matchers::MatchFinder *Finder) override; + void check(const ast_matchers::MatchFi
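Review bot: The description in docs/clang-tidy/checks/cert-msc50-cpp.rst is a single unwrapped line (the hunk is six lines including title and heading) and it stops at "This check warns for the usage of ``std::rand()``" without naming an alternative, although the C++ diagnostic tells the user to `use C++11 random library instead`. Wrap the paragraph and add a sentence that repeats the recommendation the diagnostic gives, so the page and the warning agree.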
[PATCH] D22346: [Clang-tidy] CERT-MSC50-CPP (std:rand() )
falho added a comment.

Cool! Thank you for the reviews!

https://reviews.llvm.org/D22346
[PATCH] D22346: [Clang-tidy] CERT-MSC50-CPP (std:rand() )
falho added a comment.

Thanks but I think I will try it!

https://reviews.llvm.org/D22346
[PATCH] D22346: [Clang-tidy] CERT-MSC50-CPP (std:rand() )
falho added a comment.

I just figured out that I don't have the right to commit to llvm so I would appreciate if you could commit this check for me. Do you need any info about me? Thank you!

https://reviews.llvm.org/D22346
[PATCH] D22346: [Clang-tidy] CERT-MSC50-CPP (std:rand() )
falho added a comment.

Thanks!

https://reviews.llvm.org/D22346
[PATCH] D23427: [Clang-tidy] Comparison Misuse
falho created this revision. falho added reviewers: xazax.hun, o.gyorgy, alexfh, aaron.ballman, etienneb, hokein, Prazek. falho added a subscriber: cfe-commits. falho set the repository for this revision to rL LLVM. This checker warns for the misuse of comparison operators - char* is compared to a string literal - inequality operator usage for NULL Repository: rL LLVM https://reviews.llvm.org/D23427 Files: clang-tidy/misc/CMakeLists.txt clang-tidy/misc/ComparisonMisuseCheck.cpp clang-tidy/misc/ComparisonMisuseCheck.h clang-tidy/misc/MiscTidyModule.cpp docs/clang-tidy/checks/list.rst docs/clang-tidy/checks/misc-comparison-misuse.rst test/clang-tidy/misc-comparison-misuse.cpp Index: test/clang-tidy/misc-comparison-misuse.cpp === --- /dev/null +++ test/clang-tidy/misc-comparison-misuse.cpp @@ -0,0 +1,20 @@ +// RUN: %check_clang_tidy %s misc-comparison-misuse %t + +#define NULL __null + +bool test_pointer_to_literal(const char *my){ + bool b = (my=="mystring"); + // CHECK-MESSAGES: :[[@LINE-1]]:15: warning: char* is compared to a string literal [misc-comparison-misuse] + return "mystring"==my; + // CHECK-MESSAGES: :[[@LINE-1]]:20: warning: char* is compared to a string literal [misc-comparison-misuse] +} + +void test_null_to_pointer(int *p){ + if (NULL>=p); + // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: comparison to nullptr [misc-comparison-misuse] + + if (NULL==p); + + if (NULL!=p); +} + Index: docs/clang-tidy/checks/misc-comparison-misuse.rst === --- /dev/null +++ docs/clang-tidy/checks/misc-comparison-misuse.rst 
@@ -0,0 +1,25 @@ +.. title:: clang-tidy - misc-comparison-misuse + +misc-comparison-misuse +== + +This checker reports errors related to the misuse of the comparison operator. +It should warn for the following cases: + +Case 1: + ``char*`` is compared to a string literal. + +.. code-block:: + bool isMyString(const char * my){ +return "mystring"==my;//error. comparing pointer to string literal + } + + +Case 2: + Inequality operator usage for ``NULL``. + +.. code-block:: c++ + void(int * p){ + if (NULL>=p)//error, use only NULL==p, NULL!=p + } + Index: docs/clang-tidy/checks/list.rst === --- docs/clang-tidy/checks/list.rst +++ docs/clang-tidy/checks/list.rst @@ -55,6 +55,7 @@ misc-argument-comment misc-assert-side-effect misc-bool-pointer-implicit-conversion + misc-comparison-misuse misc-dangling-handle misc-definitions-in-headers misc-fold-init-type Index: clang-tidy/misc/MiscTidyModule.cpp === --- clang-tidy/misc/MiscTidyModule.cpp +++ clang-tidy/misc/MiscTidyModule.cpp @@ -15,6 +15,7 @@ #include "MisplacedConstCheck.h" #include "UnconventionalAssignOperatorCheck.h" #include "BoolPointerImplicitConversionCheck.h" +#include "ComparisonMisuseCheck.h" #include "DanglingHandleCheck.h" #include "DefinitionsInHeadersCheck.h" #include "FoldInitTypeCheck.h" @@ -68,6 +69,8 @@ "misc-unconventional-assign-operator"); CheckFactories.registerCheck( "misc-bool-pointer-implicit-conversion"); +CheckFactories.registerCheck( +"misc-comparison-misuse"); CheckFactories.registerCheck( "misc-dangling-handle"); CheckFactories.registerCheck( Index: clang-tidy/misc/ComparisonMisuseCheck.h === --- /dev/null +++ clang-tidy/misc/ComparisonMisuseCheck.h 
@@ -0,0 +1,39 @@ +//===--- ComparisonMisuseCheck.h - clang-tidy*- C++ -*-===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===--===// + +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_MISC_COMPARISON_MISUSE_H +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_MISC_COMPARISON_MISUSE_H + +#include "../ClangTidy.h" + +namespace clang { +namespace tidy { +namespace misc { + +/// This checker reports errors related to the misuse of the comparison operator. +/// It should warn for the following cases: +/// - strcmp,strncmp,memcmp misuse. +/// - char* is compared to a string literal +/// - inequality operator usage for NULL +/// +/// For the user-facing documentation see: +/// http://clang.llvm.org/extra/clang-tidy/checks/misc-comparison-misuse.html +class ComparisonMisuseCheck : public ClangTidyCheck { +public: + ComparisonMisuseCheck(StringRef Name, ClangTidyContext *Context) + : ClangTidyCheck(Name, Context) {} + void registerMatchers(ast_matchers::MatchFinder *Finder) override; + void check(const ast_matchers::MatchFinder::MatchResult &Result) over
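Review bot: In test/clang-tidy/misc-comparison-misuse.cpp the only relational case is `if (NULL>=p);`, and its expected message, `comparison to nullptr`, would describe the accepted `NULL==p` and `NULL!=p` lines just as well, so it does not tell the user what is wrong. Make the diagnostic name the relational comparison, and add cases for the other operators and for the reversed operand order (for example `p < NULL`).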
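Review bot: Case 2 in docs/clang-tidy/checks/misc-comparison-misuse.rst is titled "Inequality operator usage for ``NULL``", yet its own sample comment says `NULL!=p` is allowed and only `NULL>=p` is flagged, so the wording should say relational operators. In the same file the first `.. code-block::` has no language while the second uses `c++`, and the second sample, `void(int * p){`, has no function name and so is not valid C++.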
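Review bot: The class comment in clang-tidy/misc/ComparisonMisuseCheck.h lists "strcmp,strncmp,memcmp misuse" as a case the check warns about, but neither the .rst page nor the test file in this diff mentions those functions. Either remove that bullet from the comment or add the documentation and tests for it, so the header does not promise behaviour the patch does not show.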
Re: [PATCH] D22346: [Clang-tidy] CERT-MSC50-CPP (std:rand() )
falho added a comment.

Hi! Thanks for the reviews! I will be off for a few days so I will start working on it when I'm back.

Greetz!
Benedek

Repository:
  rL LLVM

https://reviews.llvm.org/D22346