This is an archive of the discontinued LLVM Phabricator instance.

[PATCH] Add a CERT category for clang-tidy checkers
ClosedPublic

Authored by aaron.ballman on Oct 1 2015, 9:45 AM.

Download Raw Diff

Details

Reviewers

klimek
alexfh
sbenza

Summary

CERT produces a set of secure coding rules and recommendations for both C (https://www.securecoding.cert.org/confluence/display/c/SEI+CERT+C+Coding+Standard) and C++ (https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=637). One of the tasks we've been doing lately is mapping existing checks to our rules, as well as coming up with new checks where there is insufficient existing coverage for a rule.

This patch adds a new module so that users can enable CERT-specific checkers by using -checks=-*,cert-*. Currently, this is remapping existing checkers under a new name that matches the CERT guideline the checker matches. However, this also is a convenient place for us to hang CERT-specific rules that do not apply elsewhere.

This patch does not come with any tests because the only thing we could test is the name change for reported diagnostics, and I wasn't certain whether that was worth testing.

One thing this patch does not do is enable tests for static analyzer checkers under new names. For instance, I would like to have a way to map clang-analyzer-unix.Malloc to cert-mem34-c, but that seems slightly more involved, and so I intend to do this in a follow-up patch.

~Aaron

Diff Detail

Event Timeline

aaron.ballman updated this revision to Diff 36259.Oct 1 2015, 9:45 AM

aaron.ballman retitled this revision from to [PATCH] Add a CERT category for clang-tidy checkers.

aaron.ballman updated this object.

aaron.ballman added reviewers: alexfh, sbenza.

aaron.ballman added a subscriber: cfe-commits.

This revision is now accepted and ready to land.Oct 2 2015, 6:24 AM

Thanks! I've commit in r249130.

Do we want to have code owners for this sort of thing, or is that too fine-grained of a concept? If we do want them, I am (obviously) happy to be the code owner for anything in the CERT directory.

~Aaron

I dont think we need finer grained code owners, but I also don't have real
objections.

Revision Contents

Path

Size

clang-tidy/

	CMakeLists.txt
	CMakeLists.txt (revision 249002)

1 line

	Makefile
	Makefile (revision 249002)

2 lines

cert/

	CERTTidyModule.cpp
	CERTTidyModule.cpp (revision 0)

59 lines

	CMakeLists.txt
	CMakeLists.txt (revision 0)

12 lines

	Makefile
	Makefile (revision 0)

12 lines

tool/

	CMakeLists.txt
	CMakeLists.txt (revision 249002)

1 line

	ClangTidyMain.cpp
	ClangTidyMain.cpp (revision 249002)

5 lines

	Makefile
	Makefile (revision 249002)

5 lines

Diff 36259

clang-tidy/CMakeLists.txt

Context not available.
	)	)

	add_subdirectory(tool)	add_subdirectory(tool)
		add_subdirectory(cert)
	add_subdirectory(llvm)	add_subdirectory(llvm)
	add_subdirectory(google)	add_subdirectory(google)
	add_subdirectory(misc)	add_subdirectory(misc)
Context not available.

clang-tidy/Makefile

Context not available.
	LIBRARYNAME := clangTidy	LIBRARYNAME := clangTidy
	include $(CLANG_LEVEL)/../../Makefile.config	include $(CLANG_LEVEL)/../../Makefile.config

	DIRS = utils readability llvm google misc modernize tool	DIRS = utils cert readability llvm google misc modernize tool

	include $(CLANG_LEVEL)/Makefile	include $(CLANG_LEVEL)/Makefile
Context not available.

clang-tidy/cert/CERTTidyModule.cpp

				//===--- CERTTidyModule.cpp - clang-tidy ----------------------------------===//
				//
				// The LLVM Compiler Infrastructure
				//
				// This file is distributed under the University of Illinois Open Source
				// License. See LICENSE.TXT for details.
				//
				//===----------------------------------------------------------------------===//

				#include "../ClangTidy.h"
				#include "../ClangTidyModule.h"
				#include "../ClangTidyModuleRegistry.h"
				#include "../google/UnnamedNamespaceInHeaderCheck.h"
				#include "../misc/MoveConstructorInitCheck.h"
				#include "../misc/NewDeleteOverloadsCheck.h"
				#include "../misc/NonCopyableObjects.h"
				#include "../misc/StaticAssertCheck.h"

				namespace clang {
				namespace tidy {
				namespace CERT {

				class CERTModule : public ClangTidyModule {
				public:
				void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override {
				// C++ checkers
				// DCL
				CheckFactories.registerCheck<misc::NewDeleteOverloadsCheck>(
				"cert-dcl54-cpp");
				CheckFactories.registerCheck<google::build::UnnamedNamespaceInHeaderCheck>(
				"cert-dcl59-cpp");
				// OOP
				CheckFactories.registerCheck<MoveConstructorInitCheck>(
				"cert-oop11-cpp");

				// C checkers
				// DCL
				CheckFactories.registerCheck<StaticAssertCheck>(
				"cert-dcl03-c");

				// FIO
				CheckFactories.registerCheck<NonCopyableObjectsCheck>(
				"cert-fio38-c");
				}
				};

				} // namespace misc

				// Register the MiscTidyModule using this statically initialized variable.
				static ClangTidyModuleRegistry::Add<CERT::CERTModule>
				X("cert-module",
				"Adds lint checks corresponding to CERT secure coding guidelines.");

				// This anchor is used to force the linker to link in the generated object file
				// and thus register the CERTModule.
				volatile int CERTModuleAnchorSource = 0;

				} // namespace tidy
				} // namespace clang

clang-tidy/cert/CMakeLists.txt

				set(LLVM_LINK_COMPONENTS support)

				add_clang_library(clangTidyCERTModule
				CERTTidyModule.cpp

				LINK_LIBS
				clangAST
				clangASTMatchers
				clangBasic
				clangLex
				clangTidy
				)

clang-tidy/cert/Makefile

				##===- clang-tidy/misc/Makefile ----------------------------- Makefile --===##
				#
				# The LLVM Compiler Infrastructure
				#
				# This file is distributed under the University of Illinois Open Source
				# License. See LICENSE.TXT for details.
				#
				##===----------------------------------------------------------------------===##
				CLANG_LEVEL := ../../../..
				LIBRARYNAME := clangTidyCERTModule

				include $(CLANG_LEVEL)/Makefile

clang-tidy/tool/CMakeLists.txt

Context not available.
	clangASTMatchers	clangASTMatchers
	clangBasic	clangBasic
	clangTidy	clangTidy
		clangTidyCERTModule
	clangTidyGoogleModule	clangTidyGoogleModule
	clangTidyLLVMModule	clangTidyLLVMModule
	clangTidyMiscModule	clangTidyMiscModule
Context not available.

clang-tidy/tool/ClangTidyMain.cpp

Context not available.
	return 0;	return 0;
	}	}

		// This anchor is used to force the linker to link the CERTModule.
		extern volatile int CERTModuleAnchorSource;
		static int LLVM_ATTRIBUTE_UNUSED CERTModuleAnchorDestination =
		CERTModuleAnchorSource;

	// This anchor is used to force the linker to link the LLVMModule.	// This anchor is used to force the linker to link the LLVMModule.
	extern volatile int LLVMModuleAnchorSource;	extern volatile int LLVMModuleAnchorSource;
	static int LLVM_ATTRIBUTE_UNUSED LLVMModuleAnchorDestination =	static int LLVM_ATTRIBUTE_UNUSED LLVMModuleAnchorDestination =
Context not available.

clang-tidy/tool/Makefile

Context not available.

	include $(CLANG_LEVEL)/../../Makefile.config	include $(CLANG_LEVEL)/../../Makefile.config
	LINK_COMPONENTS := $(TARGETS_TO_BUILD) asmparser bitreader support mc option	LINK_COMPONENTS := $(TARGETS_TO_BUILD) asmparser bitreader support mc option
	USEDLIBS = clangTidy.a clangTidyLLVMModule.a clangTidyGoogleModule.a \	USEDLIBS = clangTidy.a clangTidyCERTModule.a clangTidyLLVMModule.a \
	clangTidyMiscModule.a clangTidyModernizeModule.a clangTidyReadability.a \	clangTidyGoogleModule.a \ clangTidyMiscModule.a \
		clangTidyModernizeModule.a clangTidyReadability.a \
	clangTidyUtils.a clangStaticAnalyzerFrontend.a \	clangTidyUtils.a clangStaticAnalyzerFrontend.a \
	clangStaticAnalyzerCheckers.a clangStaticAnalyzerCore.a \	clangStaticAnalyzerCheckers.a clangStaticAnalyzerCore.a \
	clangFormat.a clangASTMatchers.a clangTooling.a clangToolingCore.a \	clangFormat.a clangASTMatchers.a clangTooling.a clangToolingCore.a \
Context not available.