xazax.hun added a comment.

In https://reviews.llvm.org/D35068#811437, @NoQ wrote:

> It'd look good in clang-tidy (especially if extended to provide fixits), but
> if Daniel is interested in having this feature in the analyzer (and picked by
> clang-tidy from there), I wouldn't mind.
>
> I wonder how noisy this check is - did you test it on large codebases?
> Because these functions are popular, and in many cases it'd be fine to use
> insecure functions, I wonder if it's worth it to have this check on by
> default. Like, if it's relatively quiet - it's fine, but if it'd constitute
> 90% of the analyzer's warnings on popular projects, that'd probably not be
> fine.


This patch basically extends an already existing static analyzer check. Even if
tidy might be a better fit, I wonder what is the right thing to do in this
case. We either end up overlapping functionality with the analyzer and tidy or
have to come up with a policy on what to do in such cases.


Repository:
  rL LLVM

https://reviews.llvm.org/D35068


