[cfe-dev] [clang-tidy] memory safe C++ subset

Noah L via cfe-dev cfe-dev at lists.llvm.org
Fri Jan 27 08:48:27 PST 2017


Hi all. I'm new here.

I've written a library[1] that makes it practical to write (mostly) memory
safe C++ code by substituting the potentially dangerous elements of C/C++
(pointers, arrays, etc.) with fast[2] compatible memory safe replacements.

So it may perhaps now be reasonable to adopt a coding standard that bans
most of the potentially unsafe elements of C/C++.

Enforcing such a ban would require a set of clang-tidy checks (or something
similar) to identify any instances of potentially unsafe elements. I don't
have any experience with clang-tidy development, but I imagine that such a
check set should be fairly straightforward for someone who does have
experience writing clang-tidy checks. I mean, they wouldn't have to do any
semantic analysis or anything, they would just need to find any instances
of potentially unsafe elements. And the set of potentially (memory) unsafe
C/C++ elements is finite, right? Off the top of my head:

unsafe C elements:
pointers (including function pointers), arrays, unions, casts, a lot of
standard library functions, arguably primitives that allow access to
uninitialized state

unsafe C++ elements:
references, a bunch of the standard library elements (smart pointer
implementations that allow unchecked nullptr dereferencing, unchecked
container implementations), reinterpret_cast<>

Am I missing anything?

As far as I know, this solution provides a degree of memory safety and
performance not previously available to C/C++ developers. The next closest
option would probably be building with the sanitizers turned on. While
that's a more convenient solution, the results are inferior both in terms
of safety and performance [3]. I'm kind of trying to sell it here because
I'm hoping someone here will be convinced enough to go ahead and start
implementing the checks (to identify instances of potentially unsafe
elements). While I would be ready to contribute to the effort, I'm not sure
I have the spare cycles (or expertise) to do it myself.

But maybe I'm getting ahead of myself. Do people even subscribe to the
premise here? Would such a set of checks be accepted into clang-tidy?


[1] https://github.com/duneroadrunner/SaferCPlusPlus
[2] https://github.com/duneroadrunner/SaferCPlusPlus-BenchmarksGame
[3] https://duneroadrunner.github.io/SaferCPlusPlus/#safercplusplus-versus-clangllvm-sanitizers