[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Nov 3 11:28:44 PDT 2022
NoQ added inline comments.
================
Comment at: clang/docs/SafeBuffers.rst:114
+ insufficient without such hardening.
+ (TODO: Will automatic fixits be able to suggest custom containers or views?)
+ (TODO: Explain how to implement such checks in a custom container?)
----------------
aaron.ballman wrote:
> I would be surprised if we can find a heuristic that we'd feel confident is correct for most situations. e.g., `Foo buffer[10];` might be a flat array... or it might be a ring buffer without benefit of a wrapper class... or it may be a sparse matrix... and so on.
Yeah it's very non-trivial. A much harder call than the legendary hack in the fixit for `__attribute__((fallthrough))`.
I'm thinking of a combination of a clang flag and an attribute, to mark sufficiently suitable classes and ask the user to pick one of them as the new default.
It's not a high priority for us, and it'll definitely require some work to formalize the precise class interface / contract we're relying on in our fixits, but I totally see us doing it eventually.
Repository:
rC Clang
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D136811/new/
https://reviews.llvm.org/D136811
More information about the cfe-commits
mailing list