[PATCH] D140179: [-Wunsafe-buffer-usage] Add unsafe buffer checking opt-out pragmas

[Artem Dergachev via Phabricator via cfe-commits]

NoQ accepted this revision.
NoQ added a comment.
This revision is now accepted and ready to land.

Ok I think I'm happy with the patch! Let's give other folks a few days to comment and then land?

The commit message will need to be updated to remove mentions of `DiagnosticsEngine`.

I'm somewhat surprised that there is no centralized documentation for pragmas, like there is for attributes. But I hope we'll provide enough documentation as part of D136811 <https://reviews.llvm.org/D136811>, which would also supply release notes.

---

It's worth saying out loud that this patch doesn't implement the //**opt-in**// pragma (`#pragma only_safe_buffers begin` ... `end`) as proposed in D136811 <https://reviews.llvm.org/D136811>, but only the //**opt-out**// pragma. We're actually downprioritizing it (possibly dropping entirely) because we've discovered a complete lack of symmetry between these two pragmas. While the opt-out pragma is straightforward, the opt-in pragma is very hard to get right, as it implies the possibility to turn on compiler warnings that were disabled by all other means. Moreover, because warnings enabled this way don't necessarily live between `begin` and `end`, this makes it tricky to avoid running unsafe buffer usage analysis on the entire translation unit even when the warning is completely disabled and there are no opt-in pragmas anywhere in the translation unit. So there are a lot of potential scary interactions that we'll have to address before we consider implementing the opt-in pragma. They probably can be addressed, but it'll take us some time to come up with a good design.


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D140179/new/

https://reviews.llvm.org/D140179