In D45420#1070587, @hsaito wrote:

Side effect of that is D45552 will have to land in Transform first and then move to Analysis when the descriptors move.

Add a comment.

LGTM

can add extra notes like

In D45682#1074407, @george.karpenkov wrote:

I'm new to the taint visitor, but I am quite confused by your change description.

and many checkers rely on it

How can other checkers rely on it if it's private to the taint checker?

Thanks for your review, george! TaintBugVisitor is an utility to add extra information to illustrate where the taint information originated from. There are several checkers use taint information, e.g. ArrayBoundCheckerV2.cpp, in some cases it will report a warning, like warning: Out of bound memory access (index is tainted). If TaintBugVisitor moves to BugReporterVisitors.h, ArrayBoundCheckerV2 can add extra notes like Taint originated here to the report by adding TaintBugVisitor.

antipatterns or security could be another potential category name.

The code looks good apart from a few minor nits. I think I would prefer a new category created for this checker instead of using alpha; let's see what @NoQ has to say.

Actually, we do have unittests in tools/clang/unittest/Analysis.
@alexfh would you be able to write a unittest in there? It should be fairly easy following the structure of e.g. tools/clang/Analysis/CloneDetectionTest.cpp.
This would also help to ensure this entry point does not bit rot.

ping

In D41979#1074569, @modocache wrote:

Thanks, @JDevlieghere! I added two tests like the ones you described. Thankfully it doesn't crash because llvm-bcanalyzer verifies the bitcode invariant that input sizes be a multiple of 4.

Do we really want to call this tool Archer? I understand that it was written for that purpose but IMO this can serve a much more general purpose, even without the Archer "framework" around it.

I think spaces that will be removed should be counted - long long is 9.

I think spaces that will be removed should be counted - long long is 9.