[PATCH] D137379: [-Wunsafe-buffer-usage] Add warnings for unsafe buffer accesses by array subscript operations
Balázs Benics via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Nov 28 14:22:17 PST 2022
steakhal added inline comments.
================
Comment at: clang/test/SemaCXX/warn-unsafe-buffer-usage.cpp:10-13
+void foo(...);
+
+void * bar(void);
+char * baz(void);
----------------
NoQ wrote:
> ziqingluo-90 wrote:
> > steakhal wrote:
> > > I would expect this test file to grow quite a bit.
> > > As such, I think we should have more self-descriptive names for these functions.
> > >
> > > I'm also curious what's the purpose of `foo()`in the examples.
> > Thanks for the comment. I agree that they should have better names or at least explaining comments.
> >
> > > I'm also curious what's the purpose of `foo()`in the examples.
> >
> > I make all testing expressions arguments of `foo` so that I do not have to create statements to use these expressions while avoiding irrelevant warnings.
> That's pretty cool but please note that when `foo()` is declared this way, it becomes a "C-style variadic function" - a very exotic construct that you don't normally see in code (the only practical example is the `printf`/`scanf` family of functions). So it may be good that we cover this exotic case from the start, but it may also be really bad that we don't cover the *basic* case.
>
> C++ offers a different way to declare variadic functions: //variadic templates// (https://en.cppreference.com/w/cpp/language/parameter_pack). These are less valuable to test because they expand to AST that's very similar to the basic case, but that also allows you to cover the basic case better.
>
> Or you can always make yourself happy with a few overloads that cover all your needs, it's not like we're worried about code duplication in tests:
> ```lang=c++
> void foo(int);
> void foo(int, int);
> void foo(int, int, int);
> void foo(int, int, int, int);
> void foo(int, int, int, int, int);
> void foo(int, int, int, int, int, int);
> ```
IMO its fine. I would probably call it `sink()` though. Ive used the same construct for the same reason in CSA tests with this name.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D137379/new/
https://reviews.llvm.org/D137379
More information about the cfe-commits
mailing list