[PATCH] D136811: [-Wunsafe-buffer-usage] WIP: RFC: NFC: User documentation.

NoQ added a comment. I'll move this PR to github, and I'll update it to reflect the current state of things, with the aim to have it in good shape (and, possibly, land) before the Dev Meeting. There weren't any major course corrections, but I'll need to spell out what are the things that we've

[PATCH] D136811: [-Wunsafe-buffer-usage] WIP: RFC: NFC: User documentation.

NoQ added inline comments. Comment at: clang/docs/SafeBuffers.rst:213 + +The attribute is NOT warranted when the function has runtime protection against +overflows, assuming hardened libc++, assuming that containers constructed aaron.ballman wrote: > NoQ wrote: >

[PATCH] D136811: [-Wunsafe-buffer-usage] WIP: RFC: NFC: User documentation.

aaron.ballman added inline comments. Comment at: clang/docs/SafeBuffers.rst:40-41 + - Finally, in order to avoid bugs in newly converted code, the +Clang static analyzer provides a checker to find misconstructed +``std::span`` objects. + NoQ wrote: > aar

[PATCH] D136811: [-Wunsafe-buffer-usage] WIP: RFC: NFC: User documentation.

NoQ added inline comments. Comment at: clang/docs/SafeBuffers.rst:40-41 + - Finally, in order to avoid bugs in newly converted code, the +Clang static analyzer provides a checker to find misconstructed +``std::span`` objects. + aaron.ballman wrote: > NoQ

[PATCH] D136811: [-Wunsafe-buffer-usage] WIP: RFC: NFC: User documentation.

aaron.ballman added inline comments. Comment at: clang/docs/SafeBuffers.rst:92 + +However, no automatic code modernizer for plain C is not provided, +and the hardened C++ standard library cannot benefit C code, which limits Comment at: clang/d

[PATCH] D136811: [-Wunsafe-buffer-usage] WIP: RFC: NFC: User documentation.

steakhal added inline comments. Comment at: clang/docs/SafeBuffers.rst:31 +convert large amounts of old code to conform to the warning; + - Attribute ``[[unsafe_buffer_usage]]`` lets you annotate custom functions as +unsafe, while providing a safe alternative that can of

[PATCH] D136811: [-Wunsafe-buffer-usage] WIP: RFC: NFC: User documentation.

NoQ added inline comments. Comment at: clang/docs/SafeBuffers.rst:31 +convert large amounts of old code to conform to the warning; + - Attribute ``[[unsafe_buffer_usage]]`` lets you annotate custom functions as +unsafe, while providing a safe alternative that can often b

[PATCH] D136811: [-Wunsafe-buffer-usage] WIP: RFC: NFC: User documentation.

NoQ updated this revision to Diff 478450. NoQ marked 42 inline comments as done. NoQ added a comment. Herald added a subscriber: arphaman. Addressed review comments up until The Attribute section. Folks, thanks a lot for reading this longread so thoroughly. I'm very grateful. CHANGES SINCE LAST

[PATCH] D136811: [-Wunsafe-buffer-usage] WIP: RFC: NFC: User documentation.

steakhal added a comment. As I was reading I'll highlighted some typos. `compile time` -> `compile-time` /g By the looks of it, this document is not referenced anywhere. I believe `clang/docs/index.rst` should refer to this document in some place. Thanks for the huge effort driving this you all!

[PATCH] D136811: [-Wunsafe-buffer-usage] WIP: RFC: NFC: User documentation.

xazax.hun accepted this revision. xazax.hun added a comment. This revision is now accepted and ready to land. Overall, the document looks good to me, I like the general direction. I still see some pending comments (mostly small wording fixes) from Aaron. Repository: rC Clang CHANGES SINCE LA

[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.

NoQ added a comment. > My biggest request is: please try to keep this document in sync with reality > so that we don't introduce confusion to the reviews. Yes, so we'll need the code to incrementally catch up to the document, but I'm absolutely updating this document every time the vision itsel

[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.

aaron.ballman added a comment. In D136811#3913759 , @jkorous wrote: > @aaron.ballman We'd like to start making progress on the implementation in > parallel to iterating on the documentation and this is our first patch: > https://reviews.llvm.org/D137346

[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.

jkorous added a comment. @aaron.ballman We'd like to start making progress on the implementation in parallel to iterating on the documentation and this is our first patch: https://reviews.llvm.org/D137346 Since we'll have about 4 people working full-time on this it isn't reasonable to expect yo

[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.

xazax.hun added inline comments. Comment at: clang/docs/SafeBuffers.rst:124 + - Array subscript expression on raw arrays or raw pointers, + - unless the index is a compile-time constant ``0``, + - Increment and decrement of a raw pointer with operators ``++`` and ``--``; -

[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.

aaron.ballman added inline comments. Comment at: clang/docs/SafeBuffers.rst:31 +convert large amounts of old code to conform to the warning; + - Attribute ``[[unsafe_buffer_usage]]`` lets you annotate custom functions as +unsafe, while providing a safe alternative that c

[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.

jkorous added inline comments. Comment at: clang/docs/SafeBuffers.rst:173 + #pragma unsafe_buffer_usage begin + +Such pragmas not only enable incremental adoption with much smaller granularity, aaron.ballman wrote: > jkorous wrote: > > aaron.ballman wrote: > >

[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.

NoQ added inline comments. Comment at: clang/docs/SafeBuffers.rst:31 +convert large amounts of old code to conform to the warning; + - Attribute ``[[unsafe_buffer_usage]]`` lets you annotate custom functions as +unsafe, while providing a safe alternative that can often b

[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.

xazax.hun added inline comments. Comment at: clang/docs/SafeBuffers.rst:31 +convert large amounts of old code to conform to the warning; + - Attribute ``[[unsafe_buffer_usage]]`` lets you annotate custom functions as +unsafe, while providing a safe alternative that can o

[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.

jkorous added a comment. Thank you for the feedback Gábor! Comment at: clang/docs/SafeBuffers.rst:36-37 +hardened mode where C++ classes such as ``std::vector`` and ``std::span``, +together with their respective ``iterator`` classes, are protected +at runtime agains

[PATCH] D136811: -Wunsafe-buffer-usage: WIP: RFC: NFC: User documentation.

NoQ added inline comments. Comment at: clang/docs/SafeBuffers.rst:114 + insufficient without such hardening. + (TODO: Will automatic fixits be able to suggest custom containers or views?) + (TODO: Explain how to implement such checks in a custom container?)