jkorous added inline comments.
================
Comment at: clang/lib/Analysis/UnsafeBufferUsage.cpp:703
+ case Strategy::Kind::Span:
+ return FixItList{};
+ case Strategy::Kind::Wontfix:
----------------
jkorous wrote:
> I am afraid I might have found one more problem :(
> I believe that for `span` strategy we have to make sure the index is > 0.
> Otherwise
> That means either an unsigned integer or signed or unsigned literal that is
> greater than 0.
> For the literal you can take inspiration here:
> https://reviews.llvm.org/D142795
>
@ziqingluo-90 Sorry, looks like I wasn't clear here.
One case (that you've already addressed) is `ptr[-5]` - for that we can't use
`std::span::operator[]` as it would immediately trap.
But there's the other case of:
```
uint8_t foo(uint8_t *ptr, int idx) {
return ptr[idx]
}
```
If anyone uses a value that's both signed and not a compile-time constant then
our compile-time analysis can not prove that the index is always >= 0 and
consequently we can't use `std::span::operator[]` as a replacement.
That's why I think we really need to make sure that the index is ether a)
positive literal or b) unsigned.
WDYT?
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D139737/new/
https://reviews.llvm.org/D139737
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
