NoQ added inline comments.
================ Comment at: clang/docs/SafeBuffers.rst:114 + insufficient without such hardening. + (TODO: Will automatic fixits be able to suggest custom containers or views?) + (TODO: Explain how to implement such checks in a custom container?) ---------------- aaron.ballman wrote: > I would be surprised if we can find a heuristic that we'd feel confident is > correct for most situations. e.g., `Foo buffer[10];` might be a flat array... > or it might be a ring buffer without benefit of a wrapper class... or it may > be a sparse matrix... and so on. Yeah it's very non-trivial. A much harder call than the legendary hack in the fixit for `__attribute__((fallthrough))`. I'm thinking of a combination of a clang flag and an attribute, to mark sufficiently suitable classes and ask the user to pick one of them as the new default. It's not a high priority for us, and it'll definitely require some work to formalize the precise class interface / contract we're relying on in our fixits, but I totally see us doing it eventually. Repository: rC Clang CHANGES SINCE LAST ACTION https://reviews.llvm.org/D136811/new/ https://reviews.llvm.org/D136811 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits