[clang] [attributes][-Wunsafe-buffer-usage] Support adding unsafe_buffer_usage attribute to struct fields (PR #101585)
Artem Dergachev via cfe-commits
cfe-commits at lists.llvm.org
Tue Aug 13 12:21:02 PDT 2024
================
@@ -6835,6 +6837,31 @@ the proper solution would be to create a different function (possibly
an overload of ``baz()``) that accepts a safe container like ``bar()``,
and then use the attribute on the original ``baz()`` to help the users
update their code to use the new function.
+
+Attribute attached to fields:
+
+The attribute should only be attached to struct fields, if the fields can not be
+updated to a safe type with bounds check, such as std::span. In other words, the
+buffers prone to unsafe accesses should always be updated to use safe containers/views
+and attaching the attribute must be last resort when such an update is infeasible.
+
+The attribute can be placed on individual fields or a set of them as shown below.
+.. code-block:: c++
+
+ struct A {
+ [[clang::unsafe_buffer_usage]]
+ int *ptr1;
+
+ [[clang::unsafe_buffer_usage]]
+ int *ptr2, buf[10];
+
+ [[clang::unsafe_buffer_usage]]
+ size_t sz;
+ };
+
+Here, every read/write to the fields ptr1, ptr2, buf and sz will trigger a warning that the
+field has been explcitly marked as unsafe due to unsafe-buffer operations.
+
----------------
haoNoQ wrote:
Discussed offline - what I proposed is "a" solution but very much not necessarily "the" solution so we probably shouldn't outright recommend it in a document as low-level as compiler documentation.
https://github.com/llvm/llvm-project/pull/101585
More information about the cfe-commits
mailing list