steakhal added a comment.

In D91000#2469898 <https://reviews.llvm.org/D91000#2469898>, @lebedev.ri wrote:

> I think the question is, *why* are these checks being implemented?
> Just to claim that for some particular rule there is a check, and cross it 
> off a list?

Initially, yes. I think one could learn a lot from contributing to any project.
It's not inherently a bad thing to combine these two.

> Or for them to be actually used?

I want a useful checker; that's why I highlighted some of my concerns and 
suggested a way forward.
It might not be useful to everyone as it //tries to// implement a 
domain-specific CERT rule, but it's still up to the user to enable this.
I think we should ask, who is the audience of this checker?
I assume only the users who are interested in the CERT guideline would use 
this. At this point, we should be clear about what we are checking for.
I think it's OK to say that only a part of the rule is implemented, and we 
should carefully document this fact. But IMO one should go the extra mile to 
try hard and implement the other parts of the rule as well.
Like, matching on the `setbuf` is not that hard really. The rest of the missing 
functions probably fall into the same category.

I might be wrong on this though.
Keep in mind that I'm not a tidy dev, so take my opinion with a pinch of salt.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D91000/new/

https://reviews.llvm.org/D91000

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
