[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.

Gábor Horváth via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Mon Nov 7 09:10:46 PST 2022


xazax.hun added inline comments.


================
Comment at: clang/docs/SafeBuffers.rst:124
+  - Array subscript expression on raw arrays or raw pointers,
+      - unless the index is a compile-time constant ``0``,
+  - Increment and decrement of a raw pointer with operators ``++`` and ``--``;
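Review bot: the two bullets end inconsistently (`,` after "compile-time constant ``0``," and `;` after "``++`` and ``--``;"); pick one terminator for the whole list. Also, the only exemption spelled out for subscripts is a literal index of ``0``, so as written every other constant index into an array of known bound is banned; the list should either say that explicitly or name the other cases it intends to exempt, otherwise readers cannot tell whether e.g. ``arr[2]`` on a ``T arr[4]`` is in scope.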
----------------
xazax.hun wrote:
> Isn't this too restrictive? How about arrays where both the index and the size of the array are known at compile time?
> 
> Also, what about subscripts in `consteval` code where the compiler should diagnose OOB accesses at compile time?
> 
> I believe this model can be made more ergonomic without losing any of the guarantees.
Small ping on this point. I think there are many code patterns that are completely safe (i.e., the compiler can diagnose OOB accesses), but the current model would ban. One example is converting an enum value to a string using an array of string_views. In those cases, both the enum constants' values and the array's size are known at compile time. I think those easy-to-diagnose special cases should be permitted to make programming more ergonomic. The more ergonomic the experience, the faster the adoption will be.


Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D136811/new/

https://reviews.llvm.org/D136811
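The enum-to-string pattern xazax.hun describes, written out as an added example (this is not code from the review, from the proposed SafeBuffers.rst text, or from Clang). The enum, table and function names are assumed for illustration. Both the index and the array bound are compile-time constants, and the lookup is `constexpr`, so evaluating it in a constant expression (a `static_assert`, or a `consteval` caller) makes an out-of-bounds index a compile error instead of an out-of-bounds read; the same function is reused at run time with a bounds check. Compile with `-std=c++17` or later.

```cpp
// Added example, not code from the Phabricator review or from Clang.
// An enum-to-string table whose size and index are both compile-time
// constants, so the compiler itself can reject an out-of-bounds lookup.
#include <array>
#include <cassert>
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string_view>

// Hypothetical enum; the trailing Count_ enumerator fixes the table bound.
enum class Color : unsigned { Red, Green, Blue, Count_ };

constexpr std::size_t kColorCount = static_cast<std::size_t>(Color::Count_);

// One name per enumerator.  Deriving the bound from the enum means that a
// new enumerator added without a matching name fails the static_assert
// below, rather than silently turning a later lookup into an OOB read.
constexpr std::array<std::string_view, kColorCount> kColorNames{
    "red", "green", "blue"};
static_assert(kColorNames.size() == kColorCount, "one name per enumerator");

// Bounds-checked lookup usable at compile time and at run time.  In a
// constant expression the throw branch is not a constant expression, so an
// out-of-range index is a compile error; at run time it throws instead of
// reading past the end of the table.
constexpr std::string_view colorName(Color c) {
    const auto i = static_cast<std::size_t>(c);
    return i < kColorNames.size() ? kColorNames[i]
                                  : throw std::out_of_range("Color out of range");
}

// Compile-time uses: the index is a constant, so the compiler evaluates the
// subscript and checks the bound itself.
static_assert(colorName(Color::Green) == "green");
static_assert(colorName(Color::Blue) == "blue");
// static_assert(colorName(static_cast<Color>(3)) == "");  // rejected: index 3 >= 3

// Run-time lookup of an untrusted integer (e.g. a value read from a wire
// format): same table, but the check happens at run time and a bad value
// maps to a fallback rather than to an out-of-bounds read.
constexpr std::string_view colorNameOrUnknown(unsigned raw) {
    return raw < kColorNames.size() ? kColorNames[raw]
                                    : std::string_view{"unknown"};
}

// For contrast, the raw-array form the proposed rules would flag: nothing
// ties the bound of names[] to the index, so names[i] with a bad i is a
// silent out-of-bounds read:
//   const char* const names[] = {"red", "green", "blue"};
//   return names[i];

int main() {
    constexpr std::string_view green = colorName(Color::Green);   // compile time
    const std::string_view unknown = colorNameOrUnknown(7u);      // run time
    // string_view is not NUL-terminated, hence the %.*s length-limited form.
    std::printf("%.*s %.*s\n", static_cast<int>(green.size()), green.data(),
                static_cast<int>(unknown.size()), unknown.data());
    return 0;
}
```

The compile-time checks live entirely in the constant evaluator, so they cost nothing at run time; only `colorNameOrUnknown`, which handles a value the compiler cannot know, carries a run-time comparison.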


