Requirements for production-ready StreamChecker

I started improving the simpleStreamChecker and the video talk on building a
simple stream checker was very helpful.

I have a couple of questions.

1. The function `SimpleStreamChecker::initIdentifierInfo' gets called every
time functions `checkPostCall' and `checkPreCall' are invoked. Is it
necessary?
What I understand is that initIdentifierInfo maps a token with the function
name (e.g. fopen, fclose) into the ASTContext.
So as long as there is one call to initIdentifierInfo during the analysis it
should be okay, right?

2. Should we use BugType::setSuppressOnSink() for all the non-severe bugs?

I started improving the simpleStreamChecker and the video talk on building a
simple stream checker was very helpful.

Great. We also have http://clang-analyzer.llvm.org/checker_dev_manual.html

I have a couple of questions.

1. The function `SimpleStreamChecker::initIdentifierInfo' gets called every
time functions `checkPostCall' and `checkPreCall' are invoked. Is it
necessary?
What I understand is that initIdentifierInfo maps a token with the function
name (e.g. fopen, fclose) into the ASTContext.
So as long as there is one call to initIdentifierInfo during the analysis it
should be okay, right?

The function is not doing any work if it has already been called before. We need to ensure it is called at least once.

2. Should we use BugType::setSuppressOnSink() for all the non-severe bugs?

Not in all cases. The idea is that in some cases a report will most likely be invalid if there is a sink after it on the same path. In that case, we do not want to show the report. This method allows to convey that to the bug reporter.