[libcxx-commits] [libcxx] Suppress a redundant hardening check in basic_string_view::substr (PR #91804)

David Benjamin via libcxx-commits libcxx-commits at lists.llvm.org
Thu May 16 10:30:27 PDT 2024


davidben wrote:

I'm happy to put together a microbenchmark that will definitely show this (I mean `substr` is barely any instructions!), but I don't think that's a great use of time. This should be looked at in the context of getting C++ to a bounds-safe place, libc++ hardening, and `-Wunsafe-buffer-usage`. `substr` (respectively, `subspan`) is the bounds-safe version of pointer arithmetic in `string_view` (respectively, `span`).

In order for C++ projects to replace the unsafe patterns with safe ones with minimal handwringing, we need to eliminate the redundant checks so that there is budget for the non-redundant ones. The hardening check here is redundant by way of a type invariant. The problem is simply that the compiler cannot infer type invariants. We can do this with `_LIBCPP_ASSUME` instead, but as noted, it requires https://github.com/llvm/llvm-project/pull/91801 and https://github.com/llvm/llvm-project/issues/91619. A private constructor gives more reliable performance across compilers, so I went with that one.

https://github.com/llvm/llvm-project/pull/91804
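
An added illustration of the argument in the message above, not code from the PR or from libc++: a miniature view type whose `substr` either re-enters the checked public constructor or uses a private one. The `View` class, the `harden` helper, the `Unchecked` tag, the check counter and the specific invariant (`data != nullptr || size == 0`) are all assumptions made for this sketch.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdlib>
#include <stdexcept>

// Hypothetical miniature of a string_view-like type; not libc++ source.
static int g_checks = 0;  // counts hardening checks executed, for illustration
inline void harden(bool ok) {  // stand-in for a hardening assertion
    ++g_checks;
    if (!ok) std::abort();
}

class View {
public:
    // Public constructor: arguments come from untrusted callers, so the
    // invariant "data != nullptr || size == 0" is checked here.
    View(const char* data, std::size_t size) : data_(data), size_(size) {
        harden(size == 0 || data != nullptr);
    }
    std::size_t size() const { return size_; }

    // Re-enters the public constructor: the invariant check runs again even
    // though *this already satisfies it and pos/len were just clamped.
    View substr_rechecked(std::size_t pos, std::size_t n) const {
        if (pos > size_) throw std::out_of_range("View::substr");
        return View(data_ + pos, std::min(n, size_ - pos));
    }

    // Uses the private constructor: only the non-redundant bounds check stays.
    View substr(std::size_t pos, std::size_t n) const {
        if (pos > size_) throw std::out_of_range("View::substr");
        return View(Unchecked{}, data_ + pos, std::min(n, size_ - pos));
    }

private:
    struct Unchecked {};  // tag type; only members can name it
    View(Unchecked, const char* data, std::size_t size) : data_(data), size_(size) {}
    const char* data_;
    std::size_t size_;
};

// Returns how many hardening checks one substr call executes (-1 on a wrong result).
inline int checks_for(bool rechecked) {
    View v("hello world", 11);
    g_checks = 0;  // ignore the check made while constructing v
    View s = rechecked ? v.substr_rechecked(6, 100) : v.substr(6, 100);
    return s.size() == 5 ? g_checks : -1;
}
```

The private path is sound only because every way of constructing a `View` from outside the class goes through the checked constructor; the `pos > size_` test is the check that cannot be dropped.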

