xazax.hun added inline comments.

================
Comment at: clang/docs/SafeBuffers.rst:124
+  - Array subscript expression on raw arrays or raw pointers,
+      - unless the index is a compile-time constant ``0``,
+  - Increment and decrement of a raw pointer with operators ``++`` and ``--``;
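Review bot: the nested exemption "unless the index is a compile-time constant ``0``" is not explained in the hunk; readers will ask why ``0`` alone is exempt when ``1`` is not. One clause noting that ``p[0]`` is the same access as ``*p``, a plain dereference, would make the rule self-explanatory. The list punctuation is also mixed: the first two items end with a comma and the third with a semicolon, so pick one terminator for the whole list.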
----------------
xazax.hun wrote:
> Isn't this too restrictive? How about arrays where both the index and the 
> size of the array is known at compile time?
> 
> Also, what about subscripts in `consteval` code where the compiler should 
> diagnose OOB accesses at compile time?
> 
> I believe this model can be made more ergonomic without losing any of the 
> guarantees.
Small ping on this point. I think there are many code patterns that are
completely safe (i.e., the compiler can diagnose OOB accesses), but that the current
model would ban. One example is converting an enum value to a string using an
array of string_views. In those cases, both the enum constant's value and the array's
size are known at compile time. I think those easy-to-diagnose special cases
should be permitted to make programming more ergonomic. The more ergonomic the
experience, the faster the adoption will be.

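The enum-to-string pattern raised in the comment above, as an added example that is not part of the review thread or of the Clang patch: a name table whose size is tied to the enum's sentinel, a lookup whose index is a template constant (so an out-of-range enumerator fails at compile time via ``static_assert``), and a runtime lookup that bounds-checks an untrusted integer before indexing. The enum, table contents and function names are constructed for illustration; the code assumes C++17.

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <string_view>

// Hypothetical enum (constructed for this example). The trailing
// sentinel makes the valid index range a compile-time constant.
enum class Color : unsigned { Red, Green, Blue, Count };

// The table size is derived from the sentinel, so index range and
// array size are both known to the compiler.
constexpr std::array<std::string_view, static_cast<std::size_t>(Color::Count)>
    kColorNames{"red", "green", "blue"};

// Compile-time lookup: the index is a template constant, so an
// out-of-range enumerator is rejected when the program is built
// rather than read past the array at run time.
template <Color C>
constexpr std::string_view colorNameAt() {
    constexpr auto i = static_cast<std::size_t>(C);
    static_assert(i < kColorNames.size(), "enum value outside name table");
    return kColorNames[i];
}

// Runtime lookup: the index may come from data the compiler cannot
// see, so it is checked explicitly and a fallback is returned instead
// of indexing out of bounds.
constexpr std::string_view colorName(Color c) {
    const auto i = static_cast<std::size_t>(c);
    return i < kColorNames.size() ? kColorNames[i]
                                  : std::string_view{"<unknown>"};
}

// Models an integer read from untrusted input (a file, a socket) that
// is cast to the enum without any guarantee it names a real enumerator.
constexpr std::string_view colorNameFromRaw(unsigned raw) {
    return colorName(static_cast<Color>(raw));
}

// Both lookups are usable in constant expressions, which is what lets
// the compiler diagnose the constant-index case itself.
static_assert(colorNameAt<Color::Green>() == "green");
static_assert(colorNameFromRaw(7) == "<unknown>");

int main() {
    std::printf("%s %s %s\n", colorNameAt<Color::Red>().data(),
                colorNameFromRaw(2).data(), colorNameFromRaw(3).data());
    return 0;
}
```

Uncommenting a call such as ``colorNameAt<static_cast<Color>(5)>()`` triggers the ``static_assert`` at build time, which is the class of check the comment argues the model could rely on instead of banning the subscript outright.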

Repository:
  rC Clang

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D136811/new/

https://reviews.llvm.org/D136811

_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits