| Field | Value |
| --- | --- |
| Issue | 87284 |
| Summary | -fsanitize=array-bounds and -Wunsafe-buffer-usage don't know about each other |
| Labels | new issue |
| Assignees | |
| Reporter | davidben |
With libc++ hardening, we now have a safety difference between `std::array<T, N> arr` and `T arr[N]` in C++.
With `-Wunsafe-buffer-usage`, we also have an ergonomic difference in that the former is allowed while the latter trips the warning. (Which makes sense given the safety difference.)
That then suggests that projects targeting `-Wunsafe-buffer-usage` want to rewrite `T arr[N]` into `std::array<T, N> array`. As rewrites go, this is pretty easy to automate and then you get C++-style iterators and whatnot too. But is it worth making the compiler smarter too?
The compiler knows the sizes of arrays, so it could easily add a bounds check to `arr[i]` and make a bunch of existing code a tiny bit safer. In fact, UBSan already has `-fsanitize=array-bounds`, and a runtime that's documented as suitable for production.
https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html#minimal-runtime
https://godbolt.org/z/P8E5fx8Kz (why is it emitting `ud1` instead of `ud2`?)
Perhaps `-Wunsafe-buffer-usage` should detect if UBSan has taken care of this and, if so, allow `arr[i]`?
_______________________________________________
llvm-bugs mailing list
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
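The two array forms the report compares, side by side, as an added example that is not part of the original report; the build lines in the comments show which flag checks which form. The file name `demo.cpp` and the function names are made up for illustration.

```cpp
#include <array>
#include <cstddef>
#include <stdexcept>

// Build variants (clang with libc++) exercising the mechanisms the report compares:
//   1. clang++ -std=c++20 -stdlib=libc++ -Wunsafe-buffer-usage demo.cpp
//        -> warns on arr[i] in sum_c_array(); the std::array indexing is accepted.
//   2. clang++ -std=c++20 -stdlib=libc++ -fsanitize=array-bounds -fsanitize-minimal-runtime demo.cpp
//        -> arr[i] on the C array gets a runtime check from the statically known bound; out of range traps.
//   3. clang++ -std=c++20 -stdlib=libc++ -D_LIBCPP_HARDENING_MODE=_LIBCPP_HARDENING_MODE_FAST demo.cpp
//        -> std::array::operator[] gets a runtime check from libc++ hardening; out of range traps.
// With none of the three, both plain indexing forms silently read past the end.

constexpr std::size_t kN = 4;

// Plain C array: the bound kN is visible to the compiler, but arr[i] is unchecked
// unless -fsanitize=array-bounds is on (build 2).
int sum_c_array(std::size_t count) {
    int arr[kN] = {1, 2, 3, 4};
    int total = 0;
    for (std::size_t i = 0; i < count; ++i) {
        total += arr[i];  // -Wunsafe-buffer-usage reports this line (build 1)
    }
    return total;
}

// std::array: same layout, but operator[] is checked when libc++ hardening is on (build 3).
int sum_std_array(std::size_t count) {
    std::array<int, kN> arr = {1, 2, 3, 4};
    int total = 0;
    for (std::size_t i = 0; i < count; ++i) {
        total += arr[i];  // accepted by -Wunsafe-buffer-usage; checked only under hardening
    }
    return total;
}

// std::array::at() is checked in every configuration, so an over-read becomes a catchable
// exception instead of undefined behaviour; returns -1 when count exceeds kN.
int sum_std_array_at(std::size_t count) {
    std::array<int, kN> arr = {1, 2, 3, 4};
    int total = 0;
    try {
        for (std::size_t i = 0; i < count; ++i) total += arr.at(i);
    } catch (const std::out_of_range&) {
        return -1;
    }
    return total;
}
```

Only `sum_std_array_at` may be called with `count > kN` in an unhardened, unsanitized build; the other two functions are undefined for an over-read there.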