Page MenuHomePhabricator

[clang-tidy] Add a flag to enable alpha checkers
ClosedPublic

Authored by pfultz2 on Apr 26 2018, 5:14 PM.

Details

Summary

The alpha checkers can already be enabled using the clang driver, this allows them to be enabled using the clang-tidy as well. This can make it easier to test the alpha checkers with projects which already support the compile_commands.json. It will also allow more people to give feedback and patches about the alpha checkers since they can run it as part of clang tidy checks.

Diff Detail

Repository
rL LLVM

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

I just feel like pointing out that you can already do that:

$ clang-tidy -checks=clang-analyzer-alpha* -p <....>

(be wary of * expanding)
clang-tidy --help says:

-checks=<string>             - 
                               <...> This option's value is appended to the
                               value of the 'Checks' option in .clang-tidy
                               file, if any.

Oh, hm.
I just needed something to view the call graph.
I have almost wrote a clang-tidy check using analysis/CallGraph.h, but then i noticed/remembered that clang static analyzer has that already.
But $ clang-tidy -checks=* -list-checks | grep -i analyzer | grep -i debug does not list it.
Similarly $ clang-tidy -checks=* -list-checks | grep -i analyzer | grep -i alpha, contrarily to my expectations also does not list alpha checks...

So while this change is needed,
I think this is the larger problem that should be resolved.

Oh, hm.
I just needed something to view the call graph.
I have almost wrote a clang-tidy check using analysis/CallGraph.h, but then i noticed/remembered that clang static analyzer has that already.
But $ clang-tidy -checks=* -list-checks | grep -i analyzer | grep -i debug does not list it.
Similarly $ clang-tidy -checks=* -list-checks | grep -i analyzer | grep -i alpha, contrarily to my expectations also does not list alpha checks...

So while this change is needed,
I think this is the larger problem that should be resolved.

...
And actually looking a bit more at this, i notice

// RUN: clang-tidy -checks=* -list-checks -enable-alpha-checks | grep 'clang-analyzer-alpha'

So ok, i think this is good. (I'll add debug checks ontop of this differential)
Do we want to be more specific and specify that we are talking about /analyzer/ alpha checks?

lebedev.ri accepted this revision.Apr 27 2018, 8:39 AM

So i suspect the history here is: D26310 added a way to filter-out these clang analyzer checks,
which removed these checks from being available in clang-tidy, but did not add an option
(like in this differential) to get them back, so it was a clear regression.

I'm going to accept this because of the reasoning in my previous comments here,
but please wait for @alexfh or someone else to LGTM this too.

This revision is now accepted and ready to land.Apr 27 2018, 8:39 AM

I'm curious about the use case for this, since I don't think it ever makes sense to run all the alpha checks at once. These checks are typically a work in progress (they're not finished yet) and often have false positives that haven't been fixed yet. Often they don't handle all facets of the language and can crash on unhandled constructs. While it makes sense to enable a specific alpha check (or even a set of related alpha checks) when developing these checks or when evaluating whether they are ready to graduate into non-alpha it seems to me that running all of them isn't useful, ever.

There is a real cost to this. People often don't know what 'alpha' means and so when they run all the alpha checks they get an incorrect perspective of the quality of the analyzer. They don't realize that the alpha checks are purely used as a mechanism to support in-tree incremental development.

Without a strong rationale for this flag, I would be very opposed it since (as we have seen in the past) it leads to a poor user experience.

...

Note that it is completely off by default, and is not listed in documentation, clang-tidy --help,
so one would have to know of the existence of that hidden flag first, and only then when that flag is passed, those alpha checks could be enabled.

Note that it is completely off by default, and is not listed in documentation, clang-tidy --help,
so one would have to know of the existence of that hidden flag first, and only then when that flag is passed, those alpha checks could be enabled.

All it takes is one stack overflow comment or blog post recommending the flag and then we're back where we started. I'm really worried about well-intentioned ("running more checks means higher-quality code, so let's run ALL the checks") people enabling this option and having a bad experience.

Can you explain what the benefit of this flag is? How do you envision it being used?

Note that it is completely off by default, and is not listed in documentation, clang-tidy --help,
so one would have to know of the existence of that hidden flag first, and only then when that flag is passed, those alpha checks could be enabled.

All it takes is one stack overflow comment or blog post recommending the flag and then we're back where we started. I'm really worried about well-intentioned ("running more checks means higher-quality code, so let's run ALL the checks") people enabling this option and having a bad experience.

Can you explain what the benefit of this flag is? How do you envision it being used?

What about scan-build proper?
Those alpha checks are always present in all builds, one always can pass -enable-checker alpha.clone.CloneChecker.
I would understand if there was a cmake-time switch to build those, but there isn't one..

Also, it is *much* easier to use clang-tidy rather than clang-analyzer, because you can run clang-tidy on an existing compilation database,
while in scan-build's case, you need whole new build. It's cumbersome.

NoQ added a subscriber: NoQ.Apr 27 2018, 11:59 AM
NoQ added inline comments.
clang-tidy/ClangTidy.cpp
373–376 ↗(On Diff #144245)

Btw this is already enabled by default.

NoQ added a comment.Apr 27 2018, 1:19 PM

Am i understanding correctly that the new -enable-alpha-checks flag doesn't enable alpha checks, but it only allows enabling them with a separate command?

Also wanted to mention that developers who are interested in running analyzer alpha checkers over a compilation database also have an option of trying to use scan-build-py which has support for both generating compilation databases from arbitrary build systems and running over existing compilation databases. This tool is also not recommended for actual users due to a number of regressions from the existing scan-build, but it might get the job done when it comes to developing and testing the analyzer itself.

In D46159#1081559, @NoQ wrote:

Am i understanding correctly that the new -enable-alpha-checks flag doesn't enable alpha checks, but it only allows enabling them with a separate command?

Yes, absolutely! Same with my followup D46188.
Perhaps something like -allow-enabling-alpha-checks would be a better name, but it is kinda long.

Also wanted to mention that developers who are interested in running analyzer alpha checkers over a compilation database also have an option of trying to use scan-build-py which has support for both generating compilation databases from arbitrary build systems and running over existing compilation databases.

Good to know, i think this is the first time i'm hearing of it.

This tool is also not recommended for actual users due to a number of regressions from the existing scan-build, but it might get the job done when it comes to developing and testing the analyzer itself.

I'm curious about the use case for this, since I don't think it ever makes sense to run all the alpha checks at once. These checks are typically a work in progress (they're not finished yet) and often have false positives that haven't been fixed yet.

We want to run several of the alpha checks in our codebase, and as we find bugs and FPs we can then contribute patches to fix them. Since most of our repos use compile_commands.json, it easier to do this in clang tidy instead of scan-build or clang driver.

Am i understanding correctly that the new -enable-alpha-checks flag doesn't enable alpha checks, but it only allows enabling them with a separate command?

Yes, it enables them to be selected by clang tidy.

Do you want the flag to be renamed?

Do you want the flag to be renamed?

I personally would like a bit better name, but i'm not sure what would be better, so not a requirement.

Do you have some better choices?

Do you have some better choices?

I could do -allow-alpha-checks. What do you think?

Do you have some better choices?

I could do -allow-alpha-checks. What do you think?

That seems reasonable to me. Although I like -allow-enabling-alpha-checks better because it is longer and will therefore discourage its use.

Do you think it would be possible to have a mechanism that prevents people from turning on all alpha checks at once? That is what I'm worried about. People enabling individual alpha checks to test them out is fine, but people enabling all of them is not a good experience.

Do you have some better choices?

I could do -allow-alpha-checks. What do you think?

That seems reasonable to me.

Although I like -allow-enabling-alpha-checks better because it is longer and will therefore discourage its use.

This sounds good to me too. Conveys the idea that it only *allows* to enable them, not actually enables them.

Do you think it would be possible to have a mechanism that prevents people from turning on all alpha checks at once? That is what I'm worried about. People enabling individual alpha checks to test them out is fine, but people enabling all of them is not a good experience.

While in this particular case it may make sense, it also may open the road for restricting/removing -checks=* support, which would be quite unfortunate :/

alexfh added a comment.May 3 2018, 6:33 AM

As Devin says (and as we discussed this with Anna Zaks) alpha checkers are still in development, so we don't want to expose them to the users, even very curious ones. For those who want to help with development of the alpha checkers, there's always a possibility to change one boolean literal in clang-tidy sources and build their own clang-tidy binary. Or one can use clang -analyze. Are there any use cases not covered by these two options?

clang-tidy/ClangTidy.cpp
373–376 ↗(On Diff #144245)

Should we kill the flag completely?

How about -enable-alpha-checks=yes-i-know-they-are-broken ?

alexfh requested changes to this revision.May 3 2018, 7:54 AM
alexfh added inline comments.
clang-tidy/ClangTidy.cpp
373–376 ↗(On Diff #144245)

I've removed the clang-tidy configuration option in r331456.

This revision now requires changes to proceed.May 3 2018, 7:54 AM

As Devin says (and as we discussed this with Anna Zaks) alpha checkers are still in development, so we don't want to expose them to the users, even very curious ones.

Then why do we make them available with clang --analyze? If the plan is not to expose them to the users at all, they should be removed from the codebase, as they are just sitting there bit-rotting.

Ideally, I see no problem exposing them to users. This will allow more users to run them on their codebases and submit issues or patches for the problems they find.

pfultz2 added inline comments.May 3 2018, 7:59 AM
clang-tidy/ClangTidy.cpp
373–376 ↗(On Diff #144245)

I didnt modify this line of code. Are you just wanting me to rebase?

alexfh added a comment.May 3 2018, 8:00 AM

How about -enable-alpha-checks=yes-i-know-they-are-broken ?

A hidden flag with a scary name without any way to specify it in .clang-tidy configuration file would be the closest thing to consider.

But still, could you explain the use case and why a local modification of clang-tidy is not an option?

As Devin says (and as we discussed this with Anna Zaks) alpha checkers are still in development, so we don't want to expose them to the users, even very curious ones.

Then why do we make them available with clang --analyze? If the plan is not to expose them to the users at all, they should be removed from the codebase, as they are just sitting there bit-rotting.

Ideally, I see no problem exposing them to users. This will allow more users to run them on their codebases and submit issues or patches for the problems they find.

Just so i'm perfectly clear, i find this "they are not for common user, so let's not expose them at all" approach very Gnome-like, and not really appropriate for LLVM.
With that approach, there should also not be a https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-fexperimental-new-pass-manager and maybe some other flags.

pfultz2 added a comment.EditedMay 3 2018, 8:07 AM

But still, could you explain the use case and why a local modification of clang-tidy is not an option?

Because I would like to direct users to try an alpha check on their local codebases without having to tell them to rebuild clang.

alexfh added a comment.May 3 2018, 8:16 AM

But still, could you explain the use case and why a local modification of clang-tidy is not an option?

Because I would like to direct users to try an alpha check on their local codebases without having to tell them to rebuild clang.

Okay, let's go with a hidden flag (something explicit enough, e.g. -allow-enabling-static-analyzer-alpha-checkers) and remove the clang-tidy configuration option (so that there's no way it can silently sit in the options file, and instead the flag has to be used in each clang-tidy invocation). IIUC, Devin was not completely opposed to this sort of a solution?

clang-tidy/ClangTidy.cpp
373–376 ↗(On Diff #144245)

I was just answering NoQ's comment. Sorry for the off-topic.

alexfh added a comment.May 3 2018, 8:19 AM

But still, could you explain the use case and why a local modification of clang-tidy is not an option?

Because I would like to direct users to try an alpha check on their local codebases without having to tell them to rebuild clang.

Okay, let's go with a hidden flag (something explicit enough, e.g. -allow-enabling-static-analyzer-alpha-checkers)

Or similar to what Roman suggested: -allow-enabling-static-analyzer-alpha-checkers-yes-i-know-they-can-be-broken ;)

As Devin says (and as we discussed this with Anna Zaks) alpha checkers are still in development, so we don't want to expose them to the users, even very curious ones.

Then why do we make them available with clang --analyze? If the plan is not to expose them to the users at all, they should be removed from the codebase, as they are just sitting there bit-rotting.

Ideally, I see no problem exposing them to users. This will allow more users to run them on their codebases and submit issues or patches for the problems they find.

Just so i'm perfectly clear, i find this "they are not for common user, so let's not expose them at all" approach very Gnome-like, and not really appropriate for LLVM.

I think the premise is a bit off the mark. It's not that these are not for the common user -- it's that they're simply not ready for users at all. Making it easier to expose does not seem like it serves users because those users expect exposed features to work. Yes, they're already exposed via the static analyzer, but I think that's what should be discussed -- some of these alpha checks have been there in an alpha state for years and I don't think that's a good design for a production tool. I'd rather discuss either improving those to make them production quality or removing them entirely, not making it *easier* to access them.

Making the flag sound scary doesn't suffice -- many users never see the flags because they're hidden away in a build script, but they definitely see the diagnostics and file bug reports.

xbolva00 added inline comments.
clang-tidy/tool/ClangTidyMain.cpp
195 ↗(On Diff #144245)

This option enables...

I think the premise is a bit off the mark. It's not that these are not for the common user -- it's that they're simply not ready for users at all.

Then why was it merged into clang in the first place? It seems like the whole point of merging it into clang is to get user feedback.

Furthermore, I am trying to update the conversion checker to report more errors, and I would like it to be exposed to users so I can find or fix the FPs.

I think the premise is a bit off the mark. It's not that these are not for the common user -- it's that they're simply not ready for users at all.

Then why was it merged into clang in the first place? It seems like the whole point of merging it into clang is to get user feedback.

Furthermore, I am trying to update the conversion checker to report more errors, and I would like it to be exposed to users so I can find or fix the FPs.

If users cannot find / use it, you will not get any feedback. How can they be better checkers if no feedback received?

If nobody should use it, remove this "dead" code

pfultz2 updated this revision to Diff 145029.May 3 2018, 9:12 AM

Rename flag to allow-enabling-alpha-checks and removed the option from the clang-tidy file.

I think the premise is a bit off the mark. It's not that these are not for the common user -- it's that they're simply not ready for users at all.

Then why was it merged into clang in the first place? It seems like the whole point of merging it into clang is to get user feedback.

When something is merged into Clang trunk, the expectation is that it will be production quality or will be worked on rapidly to get it to production quality, which is somewhat orthogonal to getting user feedback. I don't know that I have the full history of all of the alpha checks so my generalization may be inaccurate, but it seems like some of these checks were accepted as a WIP and the "progress" stopped for a long time with no one volunteering to remove the features from the analyzer.

Furthermore, I am trying to update the conversion checker to report more errors, and I would like it to be exposed to users so I can find or fix the FPs.

That does not require clang-tidy to surface the alpha checks, correct?

When something is merged into Clang trunk, the expectation is that it will be production quality or will be worked on rapidly to get it to production quality, which is somewhat orthogonal to getting user feedback. I don't know that I have the full history of all of the alpha checks so my generalization may be inaccurate, but it seems like some of these checks were accepted as a WIP and the "progress" stopped for a long time with no one volunteering to remove the features from the analyzer.

Some checkers work better than others, while some just need some simple fixes. Of course, no one will volunteer to fix or remove them if they aren't available to run.

That does not require clang-tidy to surface the alpha checks, correct?

A good portion of users are using clang-tidy to run the static analyzer, and I would like it to be exposed to them.

xbolva00 accepted this revision.May 3 2018, 9:33 AM
lebedev.ri added inline comments.May 3 2018, 9:39 AM
clang-tidy/tool/ClangTidyMain.cpp
195 ↗(On Diff #144245)

This option enables...

The current version is correct.

xbolva00 added inline comments.May 3 2018, 9:43 AM
clang-tidy/tool/ClangTidyMain.cpp
195 ↗(On Diff #144245)

There was "This option Enables.." when I commented it.

alexfh requested changes to this revision.May 3 2018, 9:49 AM

I think the premise is a bit off the mark. It's not that these are not for the common user -- it's that they're simply not ready for users at all. Making it easier to expose does not seem like it serves users because those users expect exposed features to work.

That was also the sentiment static analyzer folks were voicing at some point. I also sympathize to the idea of testing checks and contributing fixes to them, but what the CSA maintainers seem to dislike is a stream of bugs for alpha checkers from users expecting of a certain level of support. So it's basically their decision whether they want to expose alpha checkers via clang frontend and/or via clang-tidy. I can only say whether I like the specific way it is done in clang-tidy.

Making the flag sound scary doesn't suffice -- many users never see the flags because they're hidden away in a build script, but they definitely see the diagnostics and file bug reports.

"We've fixed the glitch" by making everyone wanting a bugzilla account send an email to a human. So only the users who pass this sort of a Turing test will file bugs ;)

clang-tidy/ClangTidyOptions.h
80–82 ↗(On Diff #145029)

Since this will only be configurable via a flag, this option will be global (i.e. not depend on the location of the file being analyzed). I'd suggest to remove this option altogether and use something else to pass it to ClangTidyASTConsumerFactory. It could be stashed into ClangTidyASTConsumerFactory and passed as a parameter of runClangTidy, or it could live in ClangTidyContext.

clang-tidy/tool/ClangTidyMain.cpp
198 ↗(On Diff #145029)

s/checks/checkers/ (in the static analyzer's terminology)

I would also make it more explicit that these are static analyzer checkers. -allow-enabling-clang-static-analyzer-alpha-checkers or something like that.

The variable name could be AllowEnablingAnalyzerAlphaCheckers, for example.

test/clang-tidy/enable-alpha-checks.cpp
2 ↗(On Diff #145029)

grep 'allow-enabling-alpha-checks'

This revision now requires changes to proceed.May 3 2018, 9:49 AM

I think the premise is a bit off the mark. It's not that these are not for the common user -- it's that they're simply not ready for users at all. Making it easier to expose does not seem like it serves users because those users expect exposed features to work.

That was also the sentiment static analyzer folks were voicing at some point. I also sympathize to the idea of testing checks and contributing fixes to them, but what the CSA maintainers seem to dislike is a stream of bugs for alpha checkers from users expecting of a certain level of support. So it's basically their decision whether they want to expose alpha checkers via clang frontend and/or via clang-tidy. I can only say whether I like the specific way it is done in clang-tidy.

If the static analyzer people desire this feature, that would sway my position on it, but it sounds like they're hesitant as well. However, I don't think clang-tidy is beholden either -- if we don't think this functionality should be exposed and can justify that position, that should carry weight as well. From a policy perspective, I would be fine with a policy for clang-tidy where we never expose an alpha checker from the static analyzer (or only expose checks on a case by case basis) because I don't mind users having to jump through hoops to get to experimental, unsupported functionality.

As for the way this is surfaced in clang-tidy, I'm also not keen on it but I don't have an improved suggestion to make yet. I primarily don't like the fact that, as a user, I enable checks by name but for some kinds of checks I have to *also* enable them via a secondary mechanism otherwise the name doesn't even exist. This strikes me as being a likely source of confusion where forgetting one flag causes behavioral differences the user doesn't expect.

Making the flag sound scary doesn't suffice -- many users never see the flags because they're hidden away in a build script, but they definitely see the diagnostics and file bug reports.

"We've fixed the glitch" by making everyone wanting a bugzilla account send an email to a human. So only the users who pass this sort of a Turing test will file bugs ;)

Which is an even worse user experience.

pfultz2 added inline comments.May 3 2018, 12:33 PM
clang-tidy/ClangTidyOptions.h
80–82 ↗(On Diff #145029)

But it needs to be passed to getCheckNames as well, which doesn't take a ClangTidyContext.

pfultz2 updated this revision to Diff 145072.May 3 2018, 12:36 PM

Rename flag to AllowEnablingAnalyzerAlphaCheckers.

There doesn't seem to be a simple way to remove it from the ClangTidyOptions class, as a lot more functions need to be changed to support that. I would prefer to leave it there for now, and we can refactor it later. Either way, the check can't be set from a config file.

If the static analyzer people desire this feature, that would sway my position on it, but it sounds like they're hesitant as well.
However, I don't think clang-tidy is beholden either -- if we don't think this functionality should be exposed and can justify that position, that should carry weight as well. \
From a policy perspective, I would be fine with a policy for clang-tidy where we never expose an alpha checker from the static analyzer (or only expose checks on a case by case basis) because I don't mind users having to jump through hoops to get to experimental, unsupported functionality.

As folks noted here, some users prefer to use clang-tidy as a frontend for the static analyzer. If this helps them test experimental CSA features and CSA maintainers are willing to accept bug reports and potentially patches from this category of users, I don't want to create obstacles, as long as all experimental features need to be explicitly enabled.

Devin, what's your take on this?

I primarily don't like the fact that, as a user, I enable checks by name but for some kinds of checks I have to *also* enable them via a secondary mechanism otherwise the name doesn't even exist. This strikes me as being a likely source of confusion where forgetting one flag causes behavioral differences the user doesn't expect.

This particular aspect doesn't seem problematic to me. In order to observe these behavioral differences, the user would have to specify this flag at least once, get the results of experimental checkers and see the disclaimer, if we decide to add one (see below). I guess, forgetting about the existence of this flag would be quite unlikely. Forgetting the spelling of the flag should not cause any confusion - it can be looked up in the source code, found out using clang-tidy -help-hidden or asked about.

Making the flag sound scary doesn't suffice -- many users never see the flags because they're hidden away in a build script, but they definitely see the diagnostics and file bug reports.

As an additional way to ensure that this flag doesn't get specified by mistake / doesn't get buried and forgotten inside a script, clang-tidy can print a disclaimer each time it's executed with this flag.

clang-tidy/ClangTidyOptions.h
80–82 ↗(On Diff #145029)

We can add a boolean parameter to getCheckNames. ClangTidyASTConsumerFactory could get this as a constructor parameter or from ClangTidyContext.

alexfh requested changes to this revision.May 4 2018, 10:54 AM
This revision now requires changes to proceed.May 4 2018, 10:54 AM
pfultz2 updated this revision to Diff 145229.May 4 2018, 11:20 AM

Moved flag for alpha checks to the ClangTidyContext

NoQ added a comment.May 4 2018, 2:15 PM

As folks noted here, some users prefer to use clang-tidy as a frontend for the static analyzer. If this helps them test experimental CSA features and CSA maintainers are willing to accept bug reports and potentially patches from this category of users, I don't want to create obstacles, as long as all experimental features need to be explicitly enabled.

+my imho thing: i totally don't mind that category of users :)

But just one thing - as of the current (for the last few years) balance between 1.5 – 2 maintainers being blessed with really impressing amount of contributors, we really really prefer maintainance help (eg. someone who would be able to take responsibility of making sure a certain check is complete and moved out of alpha - test it thoroughly, address known issues, keep maintaining it after it is declared stable) versus random improvements and experiments on which time is being spent without any visible movement towards making the check actually available to the users in the nearest future.

In this sense bug reports against abandoned alpha checkers (which are, unfortunately, the majority) aren't very useful. In most cases it's just too easy to see how broken they are. But if you are interested in a particular checker and want to work on it to make sure it's stable, we'd be glad to help, so please contact us on the mailing list.

That's kinda where we are these days.

In this sense bug reports against abandoned alpha checkers (which are, unfortunately, the majority) aren't very useful. In most cases it's just too easy to see how broken they are.

Although the majority are like that, not all of them are. Some like the Conversion checker doesn't seem to have any issues(because its fairly limited at this point). Others like StreamChecker probably just needs some simple fixes. Maybe we can move the alpha checks that have lots of issues and no contributions for awhile to another category such as abandoned.

But if you are interested in a particular checker and want to work on it to make sure it's stable, we'd be glad to help, so please contact us on the mailing list.

I am definitely interested in working on getting some of the checkers stable, and have already started some work on expanding the ConversionChecker, but would like user feedback as I move forward.

NoQ added a comment.May 4 2018, 5:27 PM

Ok, i personally think this patch should go in. I think it makes it clear enough that an unsuspecting user would suspect something by reading the flag, and makes the feature hard enough to discover. And i'm happy to support anybody who's going to work on this stuff.


~*sorry for hijacking review with this, we should move this conversation to the list*~

I am definitely interested in working on getting some of the checkers stable, and have already started some work on expanding the ConversionChecker, but would like user feedback as I move forward.

Yay! I would most likely have a chance to help out with final evaluation of checkers before they move out of alpha.

Some like the Conversion checker doesn't seem to have any issues(because its fairly limited at this point).

Last time i tried it, it was very hard to understand positives produced by the checker. It seems that it needs to implement a relatively sophisticated "bug visitor" in order to explain why does it think that a certain conversion would overflow by highlighting the respective spot somewhere in the middle of the path. It is especially important when the value comes from an inlined function because the analyzer wouldn't draw paths through all inlined functions (it would have been overwhelming) unless something interesting happens in there.

Then somebody would need to have a look at intentional overflows and if it's possible to avoid them.

Others like StreamChecker probably just needs some simple fixes.

Hmm, at a glance, it looks almost empty.

  1. Again, it needs a bug visitor to highlight where the file was open. Otherwise many reports may become impossible to understand.
  2. It is eagerly splitting states upon file open, which doubles remaining analysis time on every file open. This needs to be deferred until an actual branch is found in the code.
  3. It needs a pointer escape callback, in order to work with wrappers around open/close functions. This needs to be complemented with a certain knowledge about the standard library, to see what functions should not cause escapes. SimpleStreamChecker has an example.
  4. If it's ever to support open()/close(), it would, apart from other things, also need an "integer escape" callback , which will require a bit of digging into the analyzer core.

Pt.4 is mostly about feature work, but Pt.1–3 are must-fix. This isn't an overwhelming amount of work, but it will take some time.

Otherwise, yeah, it's a good simple check to have. It could be expanded to support a variety of weird APIs such as fdopen() but it's also a checker that's hard to get wrong. PthreadLockChecker is also a great candidate with similar problems; i have some unfinished work on that on here on the phabricator.

alexfh accepted this revision.May 8 2018, 4:36 AM

Given Artem's answer (and if there are no objections from other CSA maintainers), I have no concerns with this patch going in. A couple of minor nits.

clang-tidy/ClangTidyDiagnosticConsumer.h
190–191 ↗(On Diff #145229)

Let's call this function more consistently with all other instances of this setting, e.g. canEnableAnalyzerAlphaCheckers() (alternatively, mayEnableAnalyzerAlphaCheckers) and change the comment to be in line with the actual meaning of the function (it doesn't turn on alpha checkers, it merely allows them to be enabled).

test/clang-tidy/enable-alpha-checks.cpp
1 ↗(On Diff #145229)

nit: Add a trailing period.

This revision is now accepted and ready to land.May 8 2018, 4:36 AM
aaron.ballman accepted this revision.May 8 2018, 4:43 AM

Aside from a minor commenting nit, also LGTM.

clang-tidy/tool/ClangTidyMain.cpp
195 ↗(On Diff #145229)

I'd reword to: This option allows enabling the experimental alpha checkers from the static analyzer.

xbolva00 accepted this revision.May 9 2018, 2:59 AM
pfultz2 updated this revision to Diff 145925.May 9 2018, 8:14 AM

Some changes based on feedback.

Is someone able to merge in my changes?

Is someone able to merge in my changes?

Will do.

Is someone able to merge in my changes?

Will do.

Please rebase the patch, it doesn't apply cleanly.

xbolva00 accepted this revision.May 16 2018, 2:12 PM
This revision was automatically updated to reflect the committed changes.