[cfg] Update labels file for updated checkers #4383
Conversation
Since the last release some ClangSA checkers were moved to different packages and some new checkers were introduced. This change updates the label configuration of CodeChecker to reflect this.
gamesh411
force-pushed
the
checker-label-update
branch
from
41555b3 to
09fb4bd
Compare
| @@ -788,6 +812,13 @@ | |||
| "profile:sensitive", | |||
| "severity:MEDIUM" | |||
| ], | |||
| "cert-arr39-c": [ | |||
There was a problem hiding this comment.
this checker is an alias of the bugprone-sizeof-expression.
To avoid duplicate findings, we just add the main checker to the profiles and the guidelines. So please move these to the bugprone-sizeof-expression.
"guideline:sei-cert",
"profile:security",
"sei-cert:arr39-c",
There was a problem hiding this comment.
moving there, this and the bugprone-sizeof-expression is also quite noisy
| @@ -796,6 +827,13 @@ | |||
| "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/con54-cpp.html", | |||
| "severity:MEDIUM" | |||
| ], | |||
| "cert-ctr56-cpp": [ | |||
| "doc_url:https://clang.llvm.org/extra/clang-tidy/checks/cert/ctr56-cpp.html", | |||
There was a problem hiding this comment.
this is just an alias checker please move teh guideline and sei-cert profile correspondence to
checker
bugprone-pointer-arithmetic-on-polymorphic-object
config/labels/analyzers/clangsa.json
Outdated
| @@ -278,7 +273,7 @@ | |||
| "profile:sensitive", | |||
| "severity:HIGH" | |||
| ], | |||
| "alpha.unix.SimpleStream": [ | |||
| "unix.SimpleStream": [ | |||
There was a problem hiding this comment.
maybe to profile:default depending how noisy it is
gamesh411
force-pushed
the
checker-label-update
branch
from
7c0ba25 to
28504b8
Compare
gamesh411
force-pushed
the
checker-label-update
branch
from
28504b8 to
1c93f14
Compare
|
I have checked the reports for clangsa and tidy, and this is what I came up with. |
There was a problem hiding this comment.
Please add back the severity and link documentation of
- cert-arr39-c
- cert-ctr56-cpp
checkers, but don't assign them to profiles.
I am hesitant about adding bugprone-return-const-ref-from-parameter and bugprone-pointer-arithmetic-on-polymorphic-object to the default profile.
Since the last release some ClangSA checkers were moved to different packages and some new checkers were introduced. This change updates the label configuration of CodeChecker to reflect this.
I just eyeballed the severities and the profiles, so it's open for suggestions.
Notes:
alpha.security.taint.TaintPropagation does not have a documentation link, so I just put the GenericTaintChecker link as doc-url. Alternatively, we could use doc entry: https://clang.llvm.org/docs/analyzer/user-docs/TaintAnalysisConfiguration.html
With this patch, all the taint-related checkers share the same severity and profiles as the now-removed alpha.security.taint.TaintPropagation.
I put BlockInCriticalSection in the default profile, as I have deemed it not too noisy, and the results were meaningful IMO.