<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/87284>87284</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            -fsanitize=array-bounds and -Wunsafe-buffer-usage don't know about each other
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          davidben
      </td>
    </tr>
</table>

<pre>
    With libc++ hardening, we now have a safety difference between `std::array<T, N> arr` and `T arr[N]` in C++.

With `-Wunsafe-buffer-usage`, we also have an ergonomic difference in that the former is allowed while the latter trips the warning. (Which makes sense given the safety difference.)

That then suggests that projects targeting `-Wunsafe-buffer-usage` want to rewrite `T arr[N]` into `std::array<T, N> array`. As rewrites go, this is pretty easy to automate and then you get C++-style iterators and whatnot too. But is it worth making the compiler smarter too?

The compiler knows the sizes of arrays, so it could easily add a bounds check to `arr[i]` and make a bunch of existing code a tiny bit safer. In fact, UBSan already has `-fsanitize=array-bounds`, and a runtime that's documented as suitable for production.
https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#minimal-runtime
https://godbolt.org/z/P8E5fx8Kz (why is it emitting `ud1` instead of `ud2`?)

Perhaps `-Wunsafe-buffer-usage` should detect if UBSan has taken care of this and, if so, allow `arr[i]`?
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJyEVE1v2zgQ_TX0ZWBBpvx50CFOamCxQFGgKXIeiSORG4o0yFFU5dcvSCu72TbbXhKIHM97894bYoymd0S12J3F7mGFI2sfaoUvRjXkVo1Xc_1kWIM1TSvkWcgzaAyKnHG9kPcwETg_gcYXAoSIHfEMynQdBXItQUM8ETkQ-zKyEtWdqO4wBJxFdf-YGnwW1SfAEMS-BHQqFT7m7935s9g9pGPj4P6GXYjyQZR3t7-Zl9iX66fRJeB1MybY9RixJ7EvF3poo1_4OaDQe-cH077naBywRgbWBJ0PAwUwEdBaP5GCSRtL-c4iMwXgYK4xH0wYkg4FCHl80qbVMOAzRYjkIkFvXsjlup9kKYQ8vR_lcYF3EMe-p8jxxuga_F_Upi8MPbFx_a8GhgkdA3sINAXD9LGW7H9vBs5iXxZwF99aReh9KmBtYhLnGoh5BsI4J0Ac2Q_IlB3Mc8x-hJ74zbh15NkSGKaA7EPMhZNGdj4x9gWcR06NDcPkA2cl07hJvtYPV2MpQBwwZAe8F9XlvwK-K3t2froZFM0rRfDdbaaYJog-YbR-tCrRN3YGVAoQGj86FaHV1D7DTaSbdGaRLlFO_qba0bU69aXvJmZbWq_SBRs3Q2M4Wx4K-MNBhy0n4G_nr-gAbSBUM2iM2couojNsXklUD5nk-sZjyW_CRAijYzNQzoSQhwjKt-NAjkkBRoijYWxsDm-KjBpbNt4ty6KZrzF5LS9CXlqLri-sfRkKH3ohL8q3UcjLN6eoM47UmTS-GB--LrxCoXmwQlaDcWZAu17IfNS896rxlpfOr0Jevhw_7brvxz9f04pMel4spsHwW5pHtbkFMzKhSqLmQ5kUqC4_LMoXChqv8ZdbEHU2VxFTy2C6RfmkOOMzOWgxUMLJYUanktCmg5gTntf-J_NFdVmpulKn6oQrqjeHjSzL42lzWul6221Ph6qhLdHusJEnSYpoc8Su6g6Sts3K1LKU23JbbqQsN7t90eCemt1hV5an_a6sTmJb0oDG_uPLysQ4Un08yON2ZbEhG_MTLaWjCfKlkDK92KFOv1k3Yx_FtrQmcvy3Cxu2VP9vxnK6PpQRlHdCHjivEmDjRwbCFHnWFFZjsPUPzhvWY1O0fhDykvCXf-vlBRPyklmnqOWp_g4AAP__KW0jAw">