NoQ added inline comments.
================
Comment at: clang/docs/SafeBuffers.rst:114
+   insufficient without such hardening.
+   (TODO: Will automatic fixits be able to suggest custom containers or views?)
+   (TODO: Explain how to implement such checks in a custom container?)
----------------
aaron.ballman wrote:
> I would be surprised if we can find a heuristic that we'd feel confident is 
> correct for most situations. e.g., `Foo buffer[10];` might be a flat array... 
> or it might be a ring buffer without benefit of a wrapper class... or it may 
> be a sparse matrix... and so on.
Yeah it's very non-trivial. A much harder call than the legendary hack in the 
fixit for `__attribute__((fallthrough))`.

I'm thinking of a combination of a clang flag and an attribute, to mark 
sufficiently suitable classes and ask the user to pick one of them as the new 
default.

It's not a high priority for us, and it'll definitely require some work to 
formalize the precise class interface / contract we're relying on in our 
fixits, but I totally see us doing it eventually.


Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D136811/new/

https://reviews.llvm.org/D136811

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to