[clang] [attributes][-Wunsafe-buffer-usage] Support adding unsafe_buffer_usage attribute to struct fields (PR #101585)

Artem Dergachev via cfe-commits cfe-commits at lists.llvm.org
Tue Aug 13 12:21:02 PDT 2024


================
@@ -6835,6 +6837,31 @@ the proper solution would be to create a different function (possibly
 an overload of ``baz()``) that accepts a safe container like ``bar()``,
 and then use the attribute on the original ``baz()`` to help the users
 update their code to use the new function.
+
+Attribute attached to fields:
+
+The attribute should only be attached to struct fields, if the fields can not be
+updated to a safe type with bounds check, such as std::span. In other words, the
+buffers prone to unsafe accesses should always be updated to use safe containers/views
+and attaching the attribute must be last resort when such an update is infeasible.
+
+The attribute can be placed on individual fields or a set of them as shown below.
+.. code-block:: c++
+
+  struct A {
+    [[clang::unsafe_buffer_usage]]
+    int *ptr1;
+
+    [[clang::unsafe_buffer_usage]]
+    int *ptr2, buf[10];
+
+    [[clang::unsafe_buffer_usage]]
+    size_t sz;
+  };
+
+Here, every read/write to the fields ptr1, ptr2, buf and sz will trigger a warning that the
+field has been explcitly marked as unsafe due to unsafe-buffer operations.
+
----------------
haoNoQ wrote:

Discussed offline - what I proposed is "a" solution but very much not necessarily "the" solution so we probably shouldn't outright recommend it in a document as low-level as compiler documentation.

https://github.com/llvm/llvm-project/pull/101585


More information about the cfe-commits mailing list