[LLVMdev] Compile time checks and GCC's '__warning__' attribute

coles.david at gmail.com coles.david at gmail.com
Tue May 6 06:39:27 PDT 2014


Hi,

I've been trying to implement some basic compile time checks such as using
"__builtin_object_size" to verify certain preconditions (such as ensuring a
function that is passed a byte array contains a minimum number of bytes).
This turned out to be a little trickier than expected as "_Static_assert"
and similar mechanisms can't be used since "__builtin_object_size" can't be
used as an integral constant expression.

Most GCC code I've looked at uses the "__warning__" or "__error__"
attributes to declare trap functions that if not eliminated via dead-code
elimination will generate a compiler warning or error (big improvement over
just a runtime abort). For example:

    // Trap function: if the call survives dead-code elimination, GCC
    // reports the attribute's message as a compile error.
    extern void __memcpy_dest_size_error(void)
        __attribute__((__error__("memcpy called with size bigger than destination")));

    size_t d_len = __builtin_object_size(d, 0);
    if (__builtin_constant_p(copy_amount) && (copy_amount > d_len)) {
        __memcpy_dest_size_error();
    }

Sadly neither of these attributes are currently supported in Clang. Is this
a reasonable feature request or does Clang have some better mechanism?
(Perhaps the Static Analyzer?)

I notice that Clang supports both the "deprecated" and "unavailable"
attributes, but these serve a slightly different purpose of warning or
preventing a user from calling certain functions.

Probably the most promising option appears to be Clang 3.5's new
"enable_if" function attribute that could be used to make the function
unavailable if it violates certain preconditions.

Cheers,
David
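The size-checked copy sketched above, as an added example that is not code from the original post: the same `__builtin_object_size` query at the call site, but with a runtime fallback that reports the violation as a return code instead of relying on GCC's `__error__` trap, and that treats the "size unknown" result `(size_t)-1` as uncheckable rather than as an overflow. The names `bos_memcpy_checked`, `BOS_MEMCPY` and the `bos_demo_*` helpers are invented for this example.

```c
#include <stddef.h>
#include <string.h>

/* Result codes for the checked copy (invented for this example). */
enum bos_status {
    BOS_OK = 0,          /* copied: size known and sufficient, or unknown */
    BOS_DEST_TOO_SMALL   /* refused: destination provably smaller than n */
};

/*
 * Core routine. dst_bos is what __builtin_object_size(dst, 0) reported at
 * the call site: (size_t)-1 means the compiler could not determine the
 * object size, so the copy proceeds unchecked; any other value is the
 * destination's size and n must fit in it.
 */
static enum bos_status bos_memcpy_checked(void *dst, size_t dst_bos,
                                          const void *src, size_t n)
{
    if (dst_bos != (size_t)-1 && n > dst_bos)
        return BOS_DEST_TOO_SMALL;   /* the case the __error__ trap covers */
    memcpy(dst, src, n);
    return BOS_OK;
}

/* Call-site macro: __builtin_object_size is evaluated where the compiler
 * still knows which object the pointer refers to. */
#define BOS_MEMCPY(dst, src, n) \
    bos_memcpy_checked((dst), __builtin_object_size((dst), 0), (src), (n))

/* Demonstration helpers on an 8-byte local buffer (constructed input). */
enum bos_status bos_demo_fits(void)
{
    char buf[8];
    const char src[] = "0123456789abcdef";      /* 17 bytes incl. NUL */
    return BOS_MEMCPY(buf, src, sizeof buf);     /* 8 <= 8: copied */
}

/* Refusing case: passes the size explicitly (what BOS_MEMCPY resolves to
 * once the object size is known) so it is deterministic at any -O level. */
enum bos_status bos_demo_refused(void)
{
    char buf[8];
    const char src[] = "0123456789abcdef";
    return bos_memcpy_checked(buf, sizeof buf, src, 16);   /* 16 > 8 */
}

enum bos_status bos_demo_unknown(void)
{
    char buf[8];
    const char src[] = "01234567";
    return bos_memcpy_checked(buf, (size_t)-1, src, 8);    /* unchecked */
}
```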