<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/107904>107904</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [[clang::unsafe_buffer_usage]] in libc++
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            libc++
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          danakj
      </td>
    </tr>
</table>

<pre>
    There are many methods in libc++ which can cause out-of-bounds issues when given incorrect inputs, such as any method that takes one or more iterators as its inputs, or that takes a pointer input.

Will libc++ be annotating such methods with `[[clang::unsafe_buffer_usage]]`? Is the project open to adding such annotations on methods that receive iterators (instead of ranges)?

Concrete example: `std::ranges::subrange::subrange(iterator, sentinel)` if given invalid inputs will create a subrange that goes out of bounds. This is similar to `std::span(first, size)`, which is currently hard-coded in the compiler as-if it were marked with `[[clang::unsafe_buffer_usage]]`. Other examples: `std::span::span(first, last)`, `std::vector::insert(pos, first, last)`, `std::memcpy(dest, src, count)`.

Putting such annotations in libc++ will help callers avoid unsafe APIs and transition to safer ones.

We would need need all `[[clang::unsafe_buffer_usage]]` to live behind a config define to allow enabling it separately from rolling libc++ though.

Thoughts? Is this something we could do now? At some future time? Explicitly undesirable?

cc: @haoNoQ @ziqingluo-90 @jkorous-apple @ldionne 
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJycVU1v4zgP_jXKhUjgKh9NDj6k0zfAXN6dBQrscUBLtM1WlrwSlUzn1y_kJG1azGF2AcP6pPjw4UMJU-LOE9Vq_aDWjzPM0odYW_T48jxrgn2tn3qKBBgJBvSvMJD0wSZgD44bo_SD0g9w6tn0YNCDwZwIQpZ5aOdNyL7sTSlTglNPHjo-kgf2JsRIRoD9mCUp_QVSNj1ggncvID0KCL5QguAJQoQhRAIWiighprKdJd0cEuKtEcIY2AvF846Fqh5VtT___2LnbkNoCND7ICjsuzOYa6wnlh7UpppIejAOfaeWe7XcZ5-wpe9NbluK33PCjtT6sXybSi0P8DWB9ARjDM8l1jCSBwmA1r75uPoMvsT45nIKIpIhPt7Gq_SWfRJCC6GFiL6jpPROLQ-3oX0J3kQSAvqBw-hILfcFfhJ7hn2xm_opN9Pw00hvr06n1JAX9uSKq00F3L6l8YiO7YV_OBVKTSQUAoTrWedYulCSmKXgPstiAU89F3FA4oEdxkLNLcw0old623JMMqHgn3RGUEZnyXECk2MkL-4Veox2boKlgmhi3oRhZEcRMM25BRY40aTk-EL2v-V1AX9IT_HKbfpM7oT6l_gdlvaK_9bmSKYwPfXZJ4qi9HYMk6J_w3ygwYyvSm8tXZiKpjQmZH8x-SD9b1nklwL8VNQlnT25EQw6R6XcjoEtnNmB_bevpVgtSESfuJxQMljWYinX9LHcCE4hOwue6PJD5_41-8WDKzXRUM_eAoIJvuUOLLXsaaou58IJyGPjSpAskGjEiELuFdoYBojBTUs3sUofctd_QPw0TUl6K-Si1FAKtNieirhKPDaAD6eyaS_TOrRZciQQHqhM_-_H6NhwEWj2lhJHbEpNfihZYyYdraoew__Dn6X3k_9m37kc5ruqjJ9fQgw5zXEcHZUJZzl4TzCz9dLuljucUX13r9e7aru5X836etVud_dbaxqtt3qzNra618ttdUdNc7drqmbGta70qtpVu7tdtVquFrTZWMIlrZe6aojWalXRgOwWzh2HRYjdbLrL67vqfletZg4bcml6PLR-Z1NpXR6TWBereZO7VNBykvR-jrC4y7PzW7n_qM1Zjq7uRcbpFtMHpQ8dS5-bhQmD0ofi5tLML7ev0ofzO6T04QL_WOt_AgAA__9MIEwB">