[PATCH] D139737: [-Wunsafe-buffer-usage] Initiate Fix-it generation for local variable declarations
Ziqing Luo via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Feb 6 13:39:59 PST 2023
ziqingluo-90 added inline comments.
================
Comment at: clang/lib/Analysis/UnsafeBufferUsage.cpp:703
+ case Strategy::Kind::Span:
+ return FixItList{};
+ case Strategy::Kind::Wontfix:
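Review bot: the `Span` case returns an empty `FixItList{}` unconditionally, so no span fix-it is emitted from this hunk yet; when the fix-it is filled in, the precondition discussed in this thread (the index is an unsigned expression or a non-negative literal) should gate it before any rewrite is produced, because a signed, non-constant index cannot be proven non-negative at compile time and `std::span::operator[]` would trap at run time on a negative value.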
----------------
jkorous wrote:
> jkorous wrote:
> > jkorous wrote:
> > > I am afraid I might have found one more problem :(
> > > I believe that for `span` strategy we have to make sure the index is > 0. Otherwise
> > > That means either an unsigned integer or a signed or unsigned literal that is greater than 0.
> > > For the literal you can take inspiration here:
> > > https://reviews.llvm.org/D142795
> > >
> > @ziqingluo-90 Sorry, looks like I wasn't clear here.
> > One case (that you've already addressed) is `ptr[-5]` - for that we can't use `std::span::operator[]` as it would immediately trap.
> > But there's the other case of:
> > ```
> > uint8_t foo(uint8_t *ptr, int idx) {
> >   return ptr[idx];
> > }
> > ```
> > If anyone uses a value that's both signed and not a compile-time constant then our compile-time analysis can not prove that the index is always >= 0 and consequently we can't use `std::span::operator[]` as a replacement.
> > That's why I think we really need to make sure that the index is either a) positive literal or b) unsigned.
> > WDYT?
> >
> >
> And yes ... I was wrong - literal `0` is totally fine. Thanks for spotting that!
I think you are right. Fixed it.
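The index precondition discussed above, written out as a small stand-alone decision function. This is an added example, not code from the patch or from clang: `IndexExpr` is a hypothetical toy model of the subscript's index expression, not clang's AST, but it keeps one detail that matters for the real check, namely that a negative literal such as `-5` is a unary minus applied to the literal `5`, not a literal node by itself.

```cpp
#include <cstdint>

// Hypothetical model of an index expression (not clang's AST).
struct IndexExpr {
  enum Kind { IntLiteral, UnaryMinus, DeclRef } kind;
  bool isUnsigned = false;          // static type of the whole expression
  uint64_t literalValue = 0;        // only meaningful for IntLiteral
  const IndexExpr *operand = nullptr; // only meaningful for UnaryMinus
};

// Returns true when `p[idx]` may be rewritten to `std::span::operator[]`
// without any further proof obligation:
//  - an integer literal is never negative (`-5` shows up as UnaryMinus(5)),
//  - an unsigned expression cannot be negative by construction,
//  - a signed, non-constant expression (e.g. `int idx` parameter) cannot be
//    proven >= 0 at compile time, so no span fix-it is offered for it.
bool canUseSpanSubscript(const IndexExpr &e) {
  switch (e.kind) {
  case IndexExpr::IntLiteral:
    return true;                 // covers `ptr[0]` and `ptr[5]`
  case IndexExpr::UnaryMinus:
    return false;                // `ptr[-5]` would trap in operator[]
  case IndexExpr::DeclRef:
    return e.isUnsigned;         // `ptr[idx]` only if idx is unsigned
  }
  return false;
}

// Convenience builders for the cases from the review thread.
IndexExpr makeLiteral(uint64_t v) { return IndexExpr{IndexExpr::IntLiteral, false, v, nullptr}; }
IndexExpr makeNegated(const IndexExpr *lit) { return IndexExpr{IndexExpr::UnaryMinus, false, 0, lit}; }
IndexExpr makeVar(bool isUnsigned) { return IndexExpr{IndexExpr::DeclRef, isUnsigned, 0, nullptr}; }
```

Unsigned arithmetic that wraps (for example `-5u`) still passes as "unsigned" here, which is fine for the fix-it because `std::span`'s bounds check, not the sign, catches it at run time.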
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D139737/new/
https://reviews.llvm.org/D139737